gootkit | 704ae96ace7072fa4cff2ad775286ec2654c4b07b31a1e5767e06847e75f45b2 | Triage

Sharing

General

Target

704ae96ace7072fa4cff2ad775286ec2654c4b07b31a1e5767e06847e75f45b2
Size

191KB
Sample

220724-x85v6sdfe7
MD5

3c413d0ce7376823e40a0a2d6360ec36
SHA1

1a58304f05fcd4cd42758978fac8999db13ef862
SHA256

704ae96ace7072fa4cff2ad775286ec2654c4b07b31a1e5767e06847e75f45b2
SHA512

d9b079895e47e4ec49013e1b54d2013418b04247c0a2ab465af374f8ffa21c50a3f4235c75d61777db56de4da0409109e030de6ebc8144558fccd8dff2ba5510

Score

10^/10

gootkit 2860 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

2860

C2

adp.reevesandcompany.com

picturecrafting.site

Attributes

vendor_id
2860

Targets

- Target
  
  704ae96ace7072fa4cff2ad775286ec2654c4b07b31a1e5767e06847e75f45b2
- Size
  
  191KB
- MD5
  
  3c413d0ce7376823e40a0a2d6360ec36
- SHA1
  
  1a58304f05fcd4cd42758978fac8999db13ef862
- SHA256
  
  704ae96ace7072fa4cff2ad775286ec2654c4b07b31a1e5767e06847e75f45b2
- SHA512
  
  d9b079895e47e4ec49013e1b54d2013418b04247c0a2ab465af374f8ffa21c50a3f4235c75d61777db56de4da0409109e030de6ebc8144558fccd8dff2ba5510
Score

10^/10

gootkit 2860 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gootkit2860bankerbotnettrojan

behavioral2

gootkit2860bankerbotnettrojan