gootkit | 9736a79308b004889cde2fcd8d6912964ca67075c126c049378b438dcee77c83 | Triage

Sharing

General

Target

61ee3ec38bee1aff69a3fc4c568b42a8_JaffaCakes118
Size

152KB
Sample

240521-echfwsgd89
MD5

61ee3ec38bee1aff69a3fc4c568b42a8
SHA1

94798cd58c4b720d390afdde9518f8429e86e5d3
SHA256

9736a79308b004889cde2fcd8d6912964ca67075c126c049378b438dcee77c83
SHA512

604d1cb9e919c7a5158b345ae02c247dc3790dbe3e2a3824debf2e96e2e9ec8973414e0dee01d029fd49f084edea9054c83a917bf41fd5211557a749d18267ce
SSDEEP

3072:C9mQrWSB/WM+dCB+IF1G6sT11I0EDAUQ+iU2r2dwat3v:C9USBOMNBNF1cxy0EDAUQ+iU2r2Gev

Score

10^/10

gootkit 8888 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

8888

C2

sslsecurehost.com

securessl256.com

Attributes

vendor_id
8888

Targets

- Target
  
  61ee3ec38bee1aff69a3fc4c568b42a8_JaffaCakes118
- Size
  
  152KB
- MD5
  
  61ee3ec38bee1aff69a3fc4c568b42a8
- SHA1
  
  94798cd58c4b720d390afdde9518f8429e86e5d3
- SHA256
  
  9736a79308b004889cde2fcd8d6912964ca67075c126c049378b438dcee77c83
- SHA512
  
  604d1cb9e919c7a5158b345ae02c247dc3790dbe3e2a3824debf2e96e2e9ec8973414e0dee01d029fd49f084edea9054c83a917bf41fd5211557a749d18267ce
- SSDEEP
  
  3072:C9mQrWSB/WM+dCB+IF1G6sT11I0EDAUQ+iU2r2dwat3v:C9USBOMNBNF1cxy0EDAUQ+iU2r2Gev
Score

10^/10

gootkit 8888 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit8888bankerbotnettrojan

behavioral2

gootkit8888bankerbotnettrojan