gootkit | 3e846a7316dbc15a38cfd522b14ad3f1a72d79959cbae9fd14621400d77cbc37 | Triage

Sharing

General

Target

3e846a7316dbc15a38cfd522b14ad3f1a72d79959cbae9fd14621400d77cbc37
Size

190KB
Sample

220701-htz9tahabj
MD5

b317f65392f062494cd4d1b386b5ced1
SHA1

495d9526a469aeaa253a00f571b1348fe95f745c
SHA256

3e846a7316dbc15a38cfd522b14ad3f1a72d79959cbae9fd14621400d77cbc37
SHA512

e9452e9cdaf5a4b48af351005f9b3d043e8f26de5eaa47971f5493a20acedf0dbcd9dfe6301e17fcb527827ce3faee8de87d1b15da1e11801b7eeef0c74e0281

Score

10^/10

gootkit 2860 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

2860

C2

adp.reevesandcompany.com

picturecrafting.site

Attributes

vendor_id
2860

Targets

- Target
  
  3e846a7316dbc15a38cfd522b14ad3f1a72d79959cbae9fd14621400d77cbc37
- Size
  
  190KB
- MD5
  
  b317f65392f062494cd4d1b386b5ced1
- SHA1
  
  495d9526a469aeaa253a00f571b1348fe95f745c
- SHA256
  
  3e846a7316dbc15a38cfd522b14ad3f1a72d79959cbae9fd14621400d77cbc37
- SHA512
  
  e9452e9cdaf5a4b48af351005f9b3d043e8f26de5eaa47971f5493a20acedf0dbcd9dfe6301e17fcb527827ce3faee8de87d1b15da1e11801b7eeef0c74e0281
Score

10^/10

gootkit 2860 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit2860bankerbotnettrojan

behavioral2

gootkit2860bankerbotnettrojan