Extracted

• • Target

    2a984837bb7be00caa8937abaa695a72f507252e3ac22157bd6dcd3a4c762da1

  • Size

    283KB

  • MD5

    eb352086838f3e62929c6982938257e8

  • SHA1

    190f97f6ca0e1c058506736e0b5b96e1b4a9b6e2

  • SHA256

    2a984837bb7be00caa8937abaa695a72f507252e3ac22157bd6dcd3a4c762da1

  • SHA512

    55e1bd1a6617928b74b6ec5e04ce49591f650e2a32bd38d396ce919ba59b65a8f3e27c870e71f8740205be2251954a5867a1e11fa8d94af26b0fb5e1d6cd73d2

  • SSDEEP

    6144:+4LuhL2086TbM3v0ofYfyXyqLoittx18a:7mL52v0oiyXy6oCtx18a

  Score

  10^/10

  gootkit6546bankerbotnettrojan

  • Gootkit

    Gootkit is a banking trojan, where large parts are written in node.JS.

    trojanbankerbotnetgootkit

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  behavioral1behavioral2