gootkit | 51c54ed3a0a1fd2576cecf974d189043f42355c1c97ba761d88a0885e732f4f1 | Triage

Sharing

General

Target

51c54ed3a0a1fd2576cecf974d189043f42355c1c97ba761d88a0885e732f4f1
Size

268KB
Sample

220717-ssy1gaebam
MD5

191e32c98a540b72ebddf3dfbb3436a4
SHA1

f812053fbb4dd3bb776b70b88a3bc494de7f9177
SHA256

51c54ed3a0a1fd2576cecf974d189043f42355c1c97ba761d88a0885e732f4f1
SHA512

971c569e0389d9bd356200e3b1a9c8a644d5c09998108b9decf188c67143406850e58f64ba89c5be2fb307754050e997176352ebbd44ee51e81493075363f7fb

Score

10^/10

gootkit 2410 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

2410

C2

clean.eco2plastic.com

ecos.eco2environmental.biz

trkajtools.com

quoteszones.com

mobileinstore.co.uk

Attributes

vendor_id
2410

Targets

- Target
  
  51c54ed3a0a1fd2576cecf974d189043f42355c1c97ba761d88a0885e732f4f1
- Size
  
  268KB
- MD5
  
  191e32c98a540b72ebddf3dfbb3436a4
- SHA1
  
  f812053fbb4dd3bb776b70b88a3bc494de7f9177
- SHA256
  
  51c54ed3a0a1fd2576cecf974d189043f42355c1c97ba761d88a0885e732f4f1
- SHA512
  
  971c569e0389d9bd356200e3b1a9c8a644d5c09998108b9decf188c67143406850e58f64ba89c5be2fb307754050e997176352ebbd44ee51e81493075363f7fb
Score

10^/10

gootkit 2410 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gootkit2410bankerbotnettrojan

behavioral2

gootkit2410bankerbotnettrojan