gootkit | 502d9d30c00e3fefd740634b408fe446dcfc703e5029dd7bc53d00bd051262a2 | Triage

Sharing

General

Target

502d9d30c00e3fefd740634b408fe446dcfc703e5029dd7bc53d00bd051262a2
Size

190KB
Sample

220719-lat58sbeeq
MD5

93feb4f8eb80e9f02595ccfd85a51b69
SHA1

5ab52eb607575c44a64afbbac0f2ca12af696500
SHA256

502d9d30c00e3fefd740634b408fe446dcfc703e5029dd7bc53d00bd051262a2
SHA512

8894414f408cc1ca2405dbcbbf860fdcb67cb377f7bde9c75cc5385a2f7a9f7ec498054b83b206c89e1443b5588d333094cc2506390ee080b6209c9d4e5d8217

Score

10^/10

gootkit 2856 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

2856

C2

it.its1ofakind.net

zgzimtkwotm2.top

Attributes

vendor_id
2856

Targets

- Target
  
  502d9d30c00e3fefd740634b408fe446dcfc703e5029dd7bc53d00bd051262a2
- Size
  
  190KB
- MD5
  
  93feb4f8eb80e9f02595ccfd85a51b69
- SHA1
  
  5ab52eb607575c44a64afbbac0f2ca12af696500
- SHA256
  
  502d9d30c00e3fefd740634b408fe446dcfc703e5029dd7bc53d00bd051262a2
- SHA512
  
  8894414f408cc1ca2405dbcbbf860fdcb67cb377f7bde9c75cc5385a2f7a9f7ec498054b83b206c89e1443b5588d333094cc2506390ee080b6209c9d4e5d8217
Score

10^/10

gootkit 2856 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gootkit2856bankerbotnettrojan

behavioral2

gootkit2856bankerbotnettrojan