gootkit | ae8c191199599e133cac67a50307f96e4b878e4ba04ef2f63cdabb17a39f2542 | Triage

Sharing

General

Target

ae8c191199599e133cac67a50307f96e4b878e4ba04ef2f63cdabb17a39f2542
Size

112KB
Sample

221204-wwyqnahb2y
MD5

5a768a70151584deef9a4cd29ff56eb9
SHA1

7b8761fb0cd6ab1fdc2a7a3bb3a3bf5115e3a826
SHA256

ae8c191199599e133cac67a50307f96e4b878e4ba04ef2f63cdabb17a39f2542
SHA512

645e50abbf1221689bd2ac25cf99fbda10b0ec89070a23f2dd78a5e680e009ee6799ce42d7b8968a10243cff87beda66e3b8be09fea27b50de1297d1b85c7ee0
SSDEEP

3072:3XVn8iDW2JpOxR7eAN1NdO/9T2/Qx5lCAuD2klHByblbfCQQPf:3l8qW2J8yA/NdO/kox5lCN2klHByblbi

Score

10^/10

gootkit 1001 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

1001

C2

pell-talak.com

gudsline.com

Attributes

vendor_id
1001

Targets

- Target
  
  ae8c191199599e133cac67a50307f96e4b878e4ba04ef2f63cdabb17a39f2542
- Size
  
  112KB
- MD5
  
  5a768a70151584deef9a4cd29ff56eb9
- SHA1
  
  7b8761fb0cd6ab1fdc2a7a3bb3a3bf5115e3a826
- SHA256
  
  ae8c191199599e133cac67a50307f96e4b878e4ba04ef2f63cdabb17a39f2542
- SHA512
  
  645e50abbf1221689bd2ac25cf99fbda10b0ec89070a23f2dd78a5e680e009ee6799ce42d7b8968a10243cff87beda66e3b8be09fea27b50de1297d1b85c7ee0
- SSDEEP
  
  3072:3XVn8iDW2JpOxR7eAN1NdO/9T2/Qx5lCAuD2klHByblbfCQQPf:3l8qW2J8yA/NdO/kox5lCN2klHByblbi
Score

10^/10

gootkit 1001 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gootkit1001bankerbotnettrojan

behavioral2

gootkit1001bankerbotnettrojan