gootkit | 447cc763a5679488a14b4c990a13879dda434b87029cda1874b4c4746457488b | Triage

Sharing

General

Target

447cc763a5679488a14b4c990a13879dda434b87029cda1874b4c4746457488b
Size

268KB
Sample

220707-xs172sgccj
MD5

ba6c566db676ab4bb59c2bebd3572e34
SHA1

867b008a64d9db16fc6c3663ddf0cb5236c89d37
SHA256

447cc763a5679488a14b4c990a13879dda434b87029cda1874b4c4746457488b
SHA512

818a07dc63825502a16c4af9645378040da7019734c5d0415901120ffd2fac7c884415bdc141d71813deb29d738d8118c231b5381025319ef564f5a5061353db

Score

10^/10

gootkit 410 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

410

C2

parking.dynophyl.com

parked.dynonortheast.com

trktrk.eu

smeinsurances.co.uk

Attributes

vendor_id
410

Targets

- Target
  
  447cc763a5679488a14b4c990a13879dda434b87029cda1874b4c4746457488b
- Size
  
  268KB
- MD5
  
  ba6c566db676ab4bb59c2bebd3572e34
- SHA1
  
  867b008a64d9db16fc6c3663ddf0cb5236c89d37
- SHA256
  
  447cc763a5679488a14b4c990a13879dda434b87029cda1874b4c4746457488b
- SHA512
  
  818a07dc63825502a16c4af9645378040da7019734c5d0415901120ffd2fac7c884415bdc141d71813deb29d738d8118c231b5381025319ef564f5a5061353db
Score

10^/10

gootkit 410 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit410bankerbotnettrojan

behavioral2