gootkit | 6b6f47abe5a8103adf1b12e5f3651ed24b632a64c5c94ce297a6f9ca0710f772 | Triage

Sharing

General

Target

02a7e926c827c520122fcf6a4567314c_JaffaCakes118
Size

112KB
Sample

240427-hh8f2sdc62
MD5

02a7e926c827c520122fcf6a4567314c
SHA1

3c30ff40ef14baaf3d7ea74cabafdd0ab4d6b162
SHA256

6b6f47abe5a8103adf1b12e5f3651ed24b632a64c5c94ce297a6f9ca0710f772
SHA512

bdcb94e511b12f5d987cb6c493c74a609c1582020b06545654a6c79a0fd72372d25a716cac4919108639cae484dbb3d39cb2dda39539c309a03f011bf5fed7ad
SSDEEP

3072:3XVn8iDW2JpOxR7eAN1NdO/9T2/Qx5lCAeD2EFnBSr1rvSgA//:3l8qW2J8yA/NdO/kox5lCd2EFnBSr1ry

Score

10^/10

gootkit 1001 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

1001

C2

pell-talak.com

gudsline.com

Attributes

vendor_id
1001

Targets

- Target
  
  02a7e926c827c520122fcf6a4567314c_JaffaCakes118
- Size
  
  112KB
- MD5
  
  02a7e926c827c520122fcf6a4567314c
- SHA1
  
  3c30ff40ef14baaf3d7ea74cabafdd0ab4d6b162
- SHA256
  
  6b6f47abe5a8103adf1b12e5f3651ed24b632a64c5c94ce297a6f9ca0710f772
- SHA512
  
  bdcb94e511b12f5d987cb6c493c74a609c1582020b06545654a6c79a0fd72372d25a716cac4919108639cae484dbb3d39cb2dda39539c309a03f011bf5fed7ad
- SSDEEP
  
  3072:3XVn8iDW2JpOxR7eAN1NdO/9T2/Qx5lCAeD2EFnBSr1rvSgA//:3l8qW2J8yA/NdO/kox5lCd2EFnBSr1ry
Score

10^/10

gootkit 1001 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gootkit1001bankerbotnettrojan

behavioral2

gootkit1001bankerbotnettrojan