gootkit | b683ccee257c2edb5dada7ca00e936cfbb7a81e006719afc5c91778188d349e5 | Triage

Sharing

General

Target

3ba897d0c17ee90debaec62b17bb323d_JaffaCakes118
Size

128KB
Sample

240512-xw5pmseh52
MD5

3ba897d0c17ee90debaec62b17bb323d
SHA1

eaf8e697d1554984e1ba2a9e49046a77f6dc8c46
SHA256

b683ccee257c2edb5dada7ca00e936cfbb7a81e006719afc5c91778188d349e5
SHA512

ad552034772f7970c4cc85fcf7b516b281c45630e2ed6e1295fb98479d0a783096ee1df1c164006a20c823f64909e438d23199bc4ea1043dc39f9ce305296937
SSDEEP

3072:n9mQrWSB/WM+dCB+IF1G6911I0EDAUQ+iU2r2:n9USBOMNBNF1Hy0EDAUQ+iU2r2

Score

10^/10

gootkit 8888 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

8888

C2

sslsecurehost.com

securessl256.com

Attributes

vendor_id
8888

Targets

- Target
  
  3ba897d0c17ee90debaec62b17bb323d_JaffaCakes118
- Size
  
  128KB
- MD5
  
  3ba897d0c17ee90debaec62b17bb323d
- SHA1
  
  eaf8e697d1554984e1ba2a9e49046a77f6dc8c46
- SHA256
  
  b683ccee257c2edb5dada7ca00e936cfbb7a81e006719afc5c91778188d349e5
- SHA512
  
  ad552034772f7970c4cc85fcf7b516b281c45630e2ed6e1295fb98479d0a783096ee1df1c164006a20c823f64909e438d23199bc4ea1043dc39f9ce305296937
- SSDEEP
  
  3072:n9mQrWSB/WM+dCB+IF1G6911I0EDAUQ+iU2r2:n9USBOMNBNF1Hy0EDAUQ+iU2r2
Score

10^/10

gootkit 8888 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit8888bankerbotnettrojan

behavioral2

gootkit8888bankerbotnettrojan