gootkit | 4781397885bff04479080503ad5ede6d8463e354c7a8cc04a72a5cee9ad3fb59 | Triage

Sharing

General

Target

4781397885bff04479080503ad5ede6d8463e354c7a8cc04a72a5cee9ad3fb59
Size

250KB
Sample

221130-qnjnwagd7x
MD5

35d7f82a7ffa92c254171d8691ca9c60
SHA1

e62bdc2e3290f660c4b01891dca6bf0584cd6c29
SHA256

4781397885bff04479080503ad5ede6d8463e354c7a8cc04a72a5cee9ad3fb59
SHA512

30f22ff5eb5d92eec17e7b48a57883ff4a4590122dda62846fc1eeed1228d67c520072eb98986ceaf23255afaf9420082ace546bbaf3aafb8913f395717c69b3
SSDEEP

6144:1/FsObxyl2q+qGFcSRlQLyQrByTkbjobQjt5r0A7RVx:1/hMl2FqGIRA4/jt5rTRX

Score

10^/10

gootkit 777 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

777

C2

chaabattent.com

kladrykroptur.com

madregobilsg.com

kerymarynicegross.com

pillygreamstronh.com

Attributes

vendor_id
777

Targets

- Target
  
  4781397885bff04479080503ad5ede6d8463e354c7a8cc04a72a5cee9ad3fb59
- Size
  
  250KB
- MD5
  
  35d7f82a7ffa92c254171d8691ca9c60
- SHA1
  
  e62bdc2e3290f660c4b01891dca6bf0584cd6c29
- SHA256
  
  4781397885bff04479080503ad5ede6d8463e354c7a8cc04a72a5cee9ad3fb59
- SHA512
  
  30f22ff5eb5d92eec17e7b48a57883ff4a4590122dda62846fc1eeed1228d67c520072eb98986ceaf23255afaf9420082ace546bbaf3aafb8913f395717c69b3
- SSDEEP
  
  6144:1/FsObxyl2q+qGFcSRlQLyQrByTkbjobQjt5r0A7RVx:1/hMl2FqGIRA4/jt5rTRX
Score

10^/10

gootkit 777 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gootkit777bankerbotnettrojan

behavioral2

gootkit777bankerbotnettrojan