gootkit | 4abfffe8cb6c7e6c1a4b18afa7cf91f5a2c3a2ea5be0f8d333e3212f7362281f | Triage

Sharing

General

Target

4abfffe8cb6c7e6c1a4b18afa7cf91f5a2c3a2ea5be0f8d333e3212f7362281f
Size

250KB
Sample

220712-pew26shfel
MD5

ac0d4fa399c1a437f5489250cfadc80e
SHA1

e21d80a53eef28a5b238459aef73ca6b7f6a92fc
SHA256

4abfffe8cb6c7e6c1a4b18afa7cf91f5a2c3a2ea5be0f8d333e3212f7362281f
SHA512

eb3e56a6c8d817d78d52ec28d3a800d39b0e5e2ccdf57c81b45f825085186773027051f35daae0cfaf8f5bb69f92821175f9e37324826502b9cbd505a610b8e8

Score

10^/10

gootkit 777 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

777

C2

chaabattent.com

kladrykroptur.com

madregobilsg.com

kerymarynicegross.com

pillygreamstronh.com

Attributes

vendor_id
777

Targets

- Target
  
  4abfffe8cb6c7e6c1a4b18afa7cf91f5a2c3a2ea5be0f8d333e3212f7362281f
- Size
  
  250KB
- MD5
  
  ac0d4fa399c1a437f5489250cfadc80e
- SHA1
  
  e21d80a53eef28a5b238459aef73ca6b7f6a92fc
- SHA256
  
  4abfffe8cb6c7e6c1a4b18afa7cf91f5a2c3a2ea5be0f8d333e3212f7362281f
- SHA512
  
  eb3e56a6c8d817d78d52ec28d3a800d39b0e5e2ccdf57c81b45f825085186773027051f35daae0cfaf8f5bb69f92821175f9e37324826502b9cbd505a610b8e8
Score

10^/10

gootkit 777 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit777bankerbotnettrojan

behavioral2

gootkit777bankerbotnettrojan