gootkit | 46041271b0d9461b5dab77b643ae0cd3195f227c677504a7b485497f1c5a7634 | Triage

Sharing

General

Target

46041271b0d9461b5dab77b643ae0cd3195f227c677504a7b485497f1c5a7634
Size

268KB
Sample

220707-l5t4qaccfn
MD5

809ff40a9619745b5e753168d638a100
SHA1

2465e77e211ab7f88d2c7d61af5f5e2a7f8d5f5a
SHA256

46041271b0d9461b5dab77b643ae0cd3195f227c677504a7b485497f1c5a7634
SHA512

dc9bee27760392ccbfaf6eba89d83501babe0900e32555fdeec05b25c33f1c95097d379ad5d51a094613a1288f51678c8f9cef5979245ffd0f02edafbec98745

Score

10^/10

gootkit 410 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

410

C2

parking.dynophyl.com

parked.dynonortheast.com

trktrk.eu

smeinsurances.co.uk

Attributes

vendor_id
410

Targets

- Target
  
  46041271b0d9461b5dab77b643ae0cd3195f227c677504a7b485497f1c5a7634
- Size
  
  268KB
- MD5
  
  809ff40a9619745b5e753168d638a100
- SHA1
  
  2465e77e211ab7f88d2c7d61af5f5e2a7f8d5f5a
- SHA256
  
  46041271b0d9461b5dab77b643ae0cd3195f227c677504a7b485497f1c5a7634
- SHA512
  
  dc9bee27760392ccbfaf6eba89d83501babe0900e32555fdeec05b25c33f1c95097d379ad5d51a094613a1288f51678c8f9cef5979245ffd0f02edafbec98745
Score

10^/10

gootkit 410 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gootkit410bankerbotnettrojan

behavioral2