gootkit | aa055c92547679de5e334d1b2f280090ae327837f880f43ac1fdbb9f333c3bdb | Triage

Sharing

General

Target

aa055c92547679de5e334d1b2f280090ae327837f880f43ac1fdbb9f333c3bdb
Size

96KB
Sample

221108-hpr3mscga7
MD5

7b69d0eb0522f429eceffd28a45a6614
SHA1

595a82453fb5d7db6f5f3a4a4e43e42c62e5d98c
SHA256

aa055c92547679de5e334d1b2f280090ae327837f880f43ac1fdbb9f333c3bdb
SHA512

e04f935bd1ddc0b1b52a9c9feb948d321b67b0d9917584258a5b5cb60e822cfc2a0e5814a9a162104212e5e2f4d49c9fc1d605301c27e0612d8b9df315bca0c8
SSDEEP

1536:LSGilXVXRErrlWa34Eflzoc5ltNNFdNwi1cIAD0FZEeDHIBFJwdT1BClf5E+w7SH:GpS4EflocPtNNheD47dxBU5Nw7S3j

Score

10^/10

gootkit 1001 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

1001

C2

pell-talak.com

gudsline.com

Attributes

vendor_id
1001

Targets

- Target
  
  aa055c92547679de5e334d1b2f280090ae327837f880f43ac1fdbb9f333c3bdb
- Size
  
  96KB
- MD5
  
  7b69d0eb0522f429eceffd28a45a6614
- SHA1
  
  595a82453fb5d7db6f5f3a4a4e43e42c62e5d98c
- SHA256
  
  aa055c92547679de5e334d1b2f280090ae327837f880f43ac1fdbb9f333c3bdb
- SHA512
  
  e04f935bd1ddc0b1b52a9c9feb948d321b67b0d9917584258a5b5cb60e822cfc2a0e5814a9a162104212e5e2f4d49c9fc1d605301c27e0612d8b9df315bca0c8
- SSDEEP
  
  1536:LSGilXVXRErrlWa34Eflzoc5ltNNFdNwi1cIAD0FZEeDHIBFJwdT1BClf5E+w7SH:GpS4EflocPtNNheD47dxBU5Nw7S3j
Score

10^/10

gootkit 1001 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gootkit1001bankerbotnettrojan

behavioral2

gootkit1001bankerbotnettrojan