gootkit | 0cf8b6b1643b6c1e9526b9c02e16eebf3ead39e41862c5b6b3cf6f11c7f2a38b | Triage

Sharing

General

Target

0cf8b6b1643b6c1e9526b9c02e16eebf3ead39e41862c5b6b3cf6f11c7f2a38b
Size

189KB
Sample

221130-xt1b5sag2w
MD5

84a6b69a72f274cde26972ae3ef0ff13
SHA1

bc30f84067ed408b34892e23a1916512010d7ee2
SHA256

0cf8b6b1643b6c1e9526b9c02e16eebf3ead39e41862c5b6b3cf6f11c7f2a38b
SHA512

b501438d74a2e744552165a5a0345993bd74512d659d86bf37f9d0d351e2a116d02bf85995126e89e48c468d5fc8e3c2c13f7f89bed62a42034764b7ed4b1a93
SSDEEP

3072:7gHJtiqAdeqgQS7RFAhADrXlJLzPb8R7Hi+xv+eSdu+g58QYwW/lioQ:7o6dgQeRlHXlJLzPK7P6Z+8QYn/l

Score

10^/10

gootkit 2862 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

2862

C2

roma.simplebutmatters.com

dom.jmitchelldayton.com

Attributes

vendor_id
2862

Targets

- Target
  
  0cf8b6b1643b6c1e9526b9c02e16eebf3ead39e41862c5b6b3cf6f11c7f2a38b
- Size
  
  189KB
- MD5
  
  84a6b69a72f274cde26972ae3ef0ff13
- SHA1
  
  bc30f84067ed408b34892e23a1916512010d7ee2
- SHA256
  
  0cf8b6b1643b6c1e9526b9c02e16eebf3ead39e41862c5b6b3cf6f11c7f2a38b
- SHA512
  
  b501438d74a2e744552165a5a0345993bd74512d659d86bf37f9d0d351e2a116d02bf85995126e89e48c468d5fc8e3c2c13f7f89bed62a42034764b7ed4b1a93
- SSDEEP
  
  3072:7gHJtiqAdeqgQS7RFAhADrXlJLzPb8R7Hi+xv+eSdu+g58QYwW/lioQ:7o6dgQeRlHXlJLzPK7P6Z+8QYn/l
Score

10^/10

gootkit 2862 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gootkit2862bankerbotnettrojan

behavioral2

gootkit2862bankerbotnettrojan