General
Target: 4d0396d7923a7bdccac984adf6c725b44ae58e1418daa81d9fd01fcbb658b4e5
Size: 286KB
Sample: 230129-wabn1afg84
MD5: 9ed5d21bbfac7db5c250ad6d15e59d57
SHA1: 72ff57e684208d64542968f64203bed304522379
SHA256: 4d0396d7923a7bdccac984adf6c725b44ae58e1418daa81d9fd01fcbb658b4e5
SHA512: 953ee514e9b558c1dc2212914949e5461bce76ac1bade5ece14540a697b23ed452f4f0aba16c7a2e11278f6e88095f1c3a976e9f2c9b4c69f550fe8373971db3
SSDEEP: 6144:K0gxemAEsSJ0p5oZWVwQo6LfGoUaPCyUG1sefgWsV1KC:K711Op5oIVwQo69H52eoWsVr
Static task: static1
Behavioral task: behavioral1
Sample: 4d0396d7923a7bdccac984adf6c725b44ae58e1418daa81d9fd01fcbb658b4e5.exe
Resource: win7-20221111-en
Malware Config
Extracted
gootkit
6546
servicemanager.icu
partnerservice.xyz
-
vendor_id
6546
Targets
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-