Extracted

• • Target

    1f5cc0934c69394573e34be53dc41e54_JaffaCakes118

  • Size

    236KB

  • MD5

    1f5cc0934c69394573e34be53dc41e54

  • SHA1

    55947f243c826706cfe27470530e555190911711

  • SHA256

    9e7580489a6e346a26ac16c42a33e1857d67801bcc4191c1303d158e52c931ae

  • SHA512

    22b09cab12c4e08549be486a0ba7e22f914d33da3a2188d256d990d2f2da74c4be71710c87d0310bb9869493655d1e14b676fdf6c03a3023414496ae13382771

  • SSDEEP

    3072:VHZ/peTSk1rr7XcoZrBx8IlRdtF7zYLt52RlfZoqFa52QDL3ZJ6bLiD659qkg+:VHZRe7rPXfZ/fMLb2J6DLpJ6m

  Score

  10^/10

  gootkit9bankerbotnettrojan

  • Gootkit

    Gootkit is a banking trojan, where large parts are written in node.JS.

    trojanbankerbotnetgootkit

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2