gootkit | 1719cf1042e64bb5cef873edbd08c6f9d741e4747ab2e051a9cd8bcc43bc88ad | Triage

Sharing

General

Target

1719cf1042e64bb5cef873edbd08c6f9d741e4747ab2e051a9cd8bcc43bc88ad
Size

324KB
Sample

221024-mnyagsgab8
MD5

3db1e36f7d4dcf040e60114e8c43fea5
SHA1

d9593fb5ef255e990e6c13e5a33c37666bdd2436
SHA256

1719cf1042e64bb5cef873edbd08c6f9d741e4747ab2e051a9cd8bcc43bc88ad
SHA512

c2d134a73c6b38ffaf8b2afcf7d1d5db8571d58542a424ca4156903513ecdc0548b7808b56cc75ad151a554e00b8402d9ca3ca9301007c59432cae519c822c87
SSDEEP

3072:BGLsImbWiEPUDB3utSIS/LV4amVDGVy2EF5PSyA1Rsi3NEU0lWwJx/ILM+mKxLx0:BnE+/LV4/uEXox0AwD/ILuKxLxM8tfq

Score

10^/10

gootkit 2222 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

2222

C2

lulz.oromiablog.com

lala.oromianews.com

lond24don13cap4ital.com

Attributes

vendor_id
2222

Targets

- Target
  
  1719cf1042e64bb5cef873edbd08c6f9d741e4747ab2e051a9cd8bcc43bc88ad
- Size
  
  324KB
- MD5
  
  3db1e36f7d4dcf040e60114e8c43fea5
- SHA1
  
  d9593fb5ef255e990e6c13e5a33c37666bdd2436
- SHA256
  
  1719cf1042e64bb5cef873edbd08c6f9d741e4747ab2e051a9cd8bcc43bc88ad
- SHA512
  
  c2d134a73c6b38ffaf8b2afcf7d1d5db8571d58542a424ca4156903513ecdc0548b7808b56cc75ad151a554e00b8402d9ca3ca9301007c59432cae519c822c87
- SSDEEP
  
  3072:BGLsImbWiEPUDB3utSIS/LV4amVDGVy2EF5PSyA1Rsi3NEU0lWwJx/ILM+mKxLx0:BnE+/LV4/uEXox0AwD/ILuKxLxM8tfq
Score

10^/10

gootkit 2222 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit2222bankerbotnettrojan

behavioral2

gootkit2222bankerbotnettrojan