gootkit | 8c338feff17e2893d8ef36b0477d6b8e44c6146d4223e0013c99f89a01116a7d | Triage

Sharing

General

Target

8c338feff17e2893d8ef36b0477d6b8e44c6146d4223e0013c99f89a01116a7d
Size

249KB
Sample

220731-h12ffsfabr
MD5

de55f92fcc38046896677011e9a4fc2c
SHA1

1e5d3815b41cc57d7315126cdff526f3ca8c4bbe
SHA256

8c338feff17e2893d8ef36b0477d6b8e44c6146d4223e0013c99f89a01116a7d
SHA512

816840838360389cfde7b634cb61206a1b6480f3165050b4faa1f8bf2d99efc7790e201f10f56963e8de4df80c7c6c9ef701c7c1628e4ddc740732537f0ce555

Score

10^/10

gootkit 777 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

777

C2

chaabattent.com

kladrykroptur.com

madregobilsg.com

kerymarynicegross.com

pillygreamstronh.com

Attributes

vendor_id
777

Targets

- Target
  
  8c338feff17e2893d8ef36b0477d6b8e44c6146d4223e0013c99f89a01116a7d
- Size
  
  249KB
- MD5
  
  de55f92fcc38046896677011e9a4fc2c
- SHA1
  
  1e5d3815b41cc57d7315126cdff526f3ca8c4bbe
- SHA256
  
  8c338feff17e2893d8ef36b0477d6b8e44c6146d4223e0013c99f89a01116a7d
- SHA512
  
  816840838360389cfde7b634cb61206a1b6480f3165050b4faa1f8bf2d99efc7790e201f10f56963e8de4df80c7c6c9ef701c7c1628e4ddc740732537f0ce555
Score

10^/10

gootkit 777 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gootkit777bankerbotnettrojan

behavioral2

gootkit777bankerbotnettrojan