gootkit | b03c0d9a936644e05ec1abb6463bca88cf6300d31c60138037bd951af676db6d | Triage

Sharing

General

Target

768d2bef26975c7c15767944a71259d4_JaffaCakes118
Size

188KB
Sample

240526-x2mq1sgh8x
MD5

768d2bef26975c7c15767944a71259d4
SHA1

38d4f37014982484377ae2cea3e0bddf0a770667
SHA256

b03c0d9a936644e05ec1abb6463bca88cf6300d31c60138037bd951af676db6d
SHA512

976a8d0495ed74ed1417fa2af3201455fd3912bd76dd3c5ec41a5fe680428ee20abab174bb6ddfe075593a9798fd2fe4754a8c0e26739284388a3fd65f31dcf0
SSDEEP

3072:Wjyvr5Ps+g8SYkQy6aOEV2/uxq1WolGLmt01hji3mF7zS1rCkFSXQVDLU6:OyvrJbtEVm4qvlPgAmFnEFyQVDw6

Score

10^/10

gootkit 2855 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

2855

C2

me.jmitchelldayton.com

otnhmtkwodm1.site

Attributes

vendor_id
2855

Targets

- Target
  
  768d2bef26975c7c15767944a71259d4_JaffaCakes118
- Size
  
  188KB
- MD5
  
  768d2bef26975c7c15767944a71259d4
- SHA1
  
  38d4f37014982484377ae2cea3e0bddf0a770667
- SHA256
  
  b03c0d9a936644e05ec1abb6463bca88cf6300d31c60138037bd951af676db6d
- SHA512
  
  976a8d0495ed74ed1417fa2af3201455fd3912bd76dd3c5ec41a5fe680428ee20abab174bb6ddfe075593a9798fd2fe4754a8c0e26739284388a3fd65f31dcf0
- SSDEEP
  
  3072:Wjyvr5Ps+g8SYkQy6aOEV2/uxq1WolGLmt01hji3mF7zS1rCkFSXQVDLU6:OyvrJbtEVm4qvlPgAmFnEFyQVDw6
Score

10^/10

gootkit 2855 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit2855bankerbotnettrojan

behavioral2

gootkit2855bankerbotnettrojan