gootkit | 7af90590d1cd4e6f6d9d54bfc65e827d5ed0b062241e92d0a71eb991d079d989 | Triage

Sharing

General

Target

7af90590d1cd4e6f6d9d54bfc65e827d5ed0b062241e92d0a71eb991d079d989
Size

190KB
Sample

220731-h419vsebf8
MD5

cfe77040029dbc2a5a6a416c02017bd0
SHA1

3b01ffd567b3443d0613f867a69ce4a60d2d7a26
SHA256

7af90590d1cd4e6f6d9d54bfc65e827d5ed0b062241e92d0a71eb991d079d989
SHA512

5bbc23aee0b94c774b9d0795e94f019f2c86e1966a6bbfec0bca0b71fc0c3caa01754fc8960e70fdfa92cc627bc06602a90aba96d2af25b09b7b2e4d1ec21332

Score

10^/10

gootkit 2855 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

2855

C2

me.jmitchelldayton.com

otnhmtkwodm1.site

Attributes

vendor_id
2855

Targets

- Target
  
  7af90590d1cd4e6f6d9d54bfc65e827d5ed0b062241e92d0a71eb991d079d989
- Size
  
  190KB
- MD5
  
  cfe77040029dbc2a5a6a416c02017bd0
- SHA1
  
  3b01ffd567b3443d0613f867a69ce4a60d2d7a26
- SHA256
  
  7af90590d1cd4e6f6d9d54bfc65e827d5ed0b062241e92d0a71eb991d079d989
- SHA512
  
  5bbc23aee0b94c774b9d0795e94f019f2c86e1966a6bbfec0bca0b71fc0c3caa01754fc8960e70fdfa92cc627bc06602a90aba96d2af25b09b7b2e4d1ec21332
Score

10^/10

gootkit 2855 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gootkit2855bankerbotnettrojan

behavioral2

gootkit2855bankerbotnettrojan