gootkit | 8646105621d6c01b212cede10b2fde39c70d76d8cece3bb957c2e4b5176fd9d1 | Triage

Sharing

General

Target

5d5ec039c6e151b1d7119f9aae350c0d_JaffaCakes118
Size

104KB
Sample

240520-fz687sdd55
MD5

5d5ec039c6e151b1d7119f9aae350c0d
SHA1

7a654ff2489ff36d08ff73343669a40a3c45ea73
SHA256

8646105621d6c01b212cede10b2fde39c70d76d8cece3bb957c2e4b5176fd9d1
SHA512

e76391fcc6a5fe8134831dbfc245e6f99b601a638ce7571495e597512f3a96f031d63e0db6bfc15e980944c72537a930b28144932bebfe82a687121853353fa5
SSDEEP

3072:Lx78Ll6UnxKC6FWhd9aP6YsaS+LQXyjPoU:F7QDxvwWhdgCYspXuo

Score

10^/10

gootkit 1001 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

1001

C2

pell-talak.com

gudsline.com

Attributes

vendor_id
1001

Targets

- Target
  
  5d5ec039c6e151b1d7119f9aae350c0d_JaffaCakes118
- Size
  
  104KB
- MD5
  
  5d5ec039c6e151b1d7119f9aae350c0d
- SHA1
  
  7a654ff2489ff36d08ff73343669a40a3c45ea73
- SHA256
  
  8646105621d6c01b212cede10b2fde39c70d76d8cece3bb957c2e4b5176fd9d1
- SHA512
  
  e76391fcc6a5fe8134831dbfc245e6f99b601a638ce7571495e597512f3a96f031d63e0db6bfc15e980944c72537a930b28144932bebfe82a687121853353fa5
- SSDEEP
  
  3072:Lx78Ll6UnxKC6FWhd9aP6YsaS+LQXyjPoU:F7QDxvwWhdgCYspXuo
Score

10^/10

gootkit 1001 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gootkit1001bankerbotnettrojan

behavioral2

gootkit1001bankerbotnettrojan