gootkit | 43509f678cd6d6f3ea2d6a8fb86ffbd7b7bca5ee8d4a14be763770769417de5d | Triage

Sharing

General

Target

43509f678cd6d6f3ea2d6a8fb86ffbd7b7bca5ee8d4a14be763770769417de5d
Size

97KB
Sample

220707-3am6csaaf9
MD5

3be315046348568a36b8976f64ce7297
SHA1

96f95f161f01926928dec5560a5a1c5094e4e6a2
SHA256

43509f678cd6d6f3ea2d6a8fb86ffbd7b7bca5ee8d4a14be763770769417de5d
SHA512

d5857f4aa8ddf34334de82f182065a1cb80fc0f17d75620a3677aa6225b3024cf1472fab23ac8f88b0096336dd0845bdfe36270c49ade99d124585a133b5f74a

Score

10^/10

gootkit 1001 banker botnet suricata trojan

Malware Config

Extracted

Family

gootkit

Botnet

1001

C2

pell-talak.com

gudsline.com

Attributes

vendor_id
1001

Targets

- Target
  
  43509f678cd6d6f3ea2d6a8fb86ffbd7b7bca5ee8d4a14be763770769417de5d
- Size
  
  97KB
- MD5
  
  3be315046348568a36b8976f64ce7297
- SHA1
  
  96f95f161f01926928dec5560a5a1c5094e4e6a2
- SHA256
  
  43509f678cd6d6f3ea2d6a8fb86ffbd7b7bca5ee8d4a14be763770769417de5d
- SHA512
  
  d5857f4aa8ddf34334de82f182065a1cb80fc0f17d75620a3677aa6225b3024cf1472fab23ac8f88b0096336dd0845bdfe36270c49ade99d124585a133b5f74a
Score

10^/10

gootkit 1001 banker botnet suricata trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- suricata: ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2)
  suricata: ET MALWARE ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gootkit C2)
  suricata
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gootkit1001bankerbotnetsuricatatrojan

behavioral2

gootkit1001bankerbotnetsuricatatrojan