gootkit | c074370ebaf995bbc055c60b4fe66dfef408510bf6719e24593b967ca5231c7b | Triage

Sharing

General

Target

c074370ebaf995bbc055c60b4fe66dfef408510bf6719e24593b967ca5231c7b
Size

252KB
Sample

220731-g7hq9aceg7
MD5

7b2bec1b46a514077649345bd7a50e4d
SHA1

70443b767b90acb7784ee1276d9bc5e50afd207c
SHA256

c074370ebaf995bbc055c60b4fe66dfef408510bf6719e24593b967ca5231c7b
SHA512

4f608842b8e51d7b2f5ab570c9f49b111c8cba7e152945599d0f6b0299480439a59cb3db5a7efa5f77ef43338f3a6a03a65644700f811fbf96ef538e2a0a9c31

Score

10^/10

gootkit 777 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

777

C2

madregobilsg.com

kerymarynicegross.com

pillygreamstronh.com

charnchiumbong.com

kiwimujirahdron.com

Attributes

vendor_id
777

Targets

- Target
  
  c074370ebaf995bbc055c60b4fe66dfef408510bf6719e24593b967ca5231c7b
- Size
  
  252KB
- MD5
  
  7b2bec1b46a514077649345bd7a50e4d
- SHA1
  
  70443b767b90acb7784ee1276d9bc5e50afd207c
- SHA256
  
  c074370ebaf995bbc055c60b4fe66dfef408510bf6719e24593b967ca5231c7b
- SHA512
  
  4f608842b8e51d7b2f5ab570c9f49b111c8cba7e152945599d0f6b0299480439a59cb3db5a7efa5f77ef43338f3a6a03a65644700f811fbf96ef538e2a0a9c31
Score

10^/10

gootkit 777 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gootkit777bankerbotnettrojan

behavioral2

gootkit777bankerbotnettrojan