General
Target: f1b2446558e35df613366ca1bff2e0120113e21aa593c4f1f449f1e554d1dc3e
Size: 286KB
Sample: 230129-wacajahc3t
MD5: 2ea0561bb3cdae9cf682703de2933a43
SHA1: 827696cf98926dea8bfde038de228b7778d0ff56
SHA256: f1b2446558e35df613366ca1bff2e0120113e21aa593c4f1f449f1e554d1dc3e
SHA512: e6fac7e489e967cb2174016e3236b0acfe60625b8286bc35dd35c0c5cd5716b284891f68033b05b211380dd135aabd93ff25e18ed8ddeb0c536e29bbc7f92cdb
SSDEEP: 6144:FBeVV56G+JCBe35SVPilxd50wX2n9RzozaFCu6/u3W:FBgVNPwdR2oOkuku3W
Static task: static1
Behavioral task: behavioral1
Sample: f1b2446558e35df613366ca1bff2e0120113e21aa593c4f1f449f1e554d1dc3e.exe
Resource: win7-20220812-en
Malware Config
Extracted
gootkit
6546
servicemanager.icu
partnerservice.xyz
vendor_id: 6546
Targets
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-