General
-
Target
2a984837bb7be00caa8937abaa695a72f507252e3ac22157bd6dcd3a4c762da1
-
Size
283KB
-
Sample
230129-w28staac7t
-
MD5
eb352086838f3e62929c6982938257e8
-
SHA1
190f97f6ca0e1c058506736e0b5b96e1b4a9b6e2
-
SHA256
2a984837bb7be00caa8937abaa695a72f507252e3ac22157bd6dcd3a4c762da1
-
SHA512
55e1bd1a6617928b74b6ec5e04ce49591f650e2a32bd38d396ce919ba59b65a8f3e27c870e71f8740205be2251954a5867a1e11fa8d94af26b0fb5e1d6cd73d2
-
SSDEEP
6144:+4LuhL2086TbM3v0ofYfyXyqLoittx18a:7mL52v0oiyXy6oCtx18a
Malware Config
Extracted
gootkit
6546
servicemanager.icu
partnerservice.xyz
-
vendor_id
6546
Targets
-
-
Target
2a984837bb7be00caa8937abaa695a72f507252e3ac22157bd6dcd3a4c762da1
-
Size
283KB
-
MD5
eb352086838f3e62929c6982938257e8
-
SHA1
190f97f6ca0e1c058506736e0b5b96e1b4a9b6e2
-
SHA256
2a984837bb7be00caa8937abaa695a72f507252e3ac22157bd6dcd3a4c762da1
-
SHA512
55e1bd1a6617928b74b6ec5e04ce49591f650e2a32bd38d396ce919ba59b65a8f3e27c870e71f8740205be2251954a5867a1e11fa8d94af26b0fb5e1d6cd73d2
-
SSDEEP
6144:+4LuhL2086TbM3v0ofYfyXyqLoittx18a:7mL52v0oiyXy6oCtx18a
Score10/10-
Gootkit
Gootkit is a banking trojan, where large parts are written in node.JS.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-