gootkit | 502d9d30c00e3fefd740634b408fe446dcfc703e5029dd7bc53d00bd051262a2 | Triage

Sharing

General

Target

93feb4f8eb80e9f02595ccfd85a51b69_JaffaCakes118
Size

190KB
Sample

240604-h7hlxshd3v
MD5

93feb4f8eb80e9f02595ccfd85a51b69
SHA1

5ab52eb607575c44a64afbbac0f2ca12af696500
SHA256

502d9d30c00e3fefd740634b408fe446dcfc703e5029dd7bc53d00bd051262a2
SHA512

8894414f408cc1ca2405dbcbbf860fdcb67cb377f7bde9c75cc5385a2f7a9f7ec498054b83b206c89e1443b5588d333094cc2506390ee080b6209c9d4e5d8217
SSDEEP

3072:0MdMOtaCoecOd4IFEt0qM2e/0sb6Mzqjq6dGZEmAh6AbP4FQNHZ:0/vyc+4IeFMqsuMSdGlAwAbwC

Score

10^/10

gootkit 2856 banker botnet trojan

Malware Config

Extracted

Family

gootkit

Botnet

2856

C2

it.its1ofakind.net

zgzimtkwotm2.top

Attributes

vendor_id
2856

Targets

- Target
  
  93feb4f8eb80e9f02595ccfd85a51b69_JaffaCakes118
- Size
  
  190KB
- MD5
  
  93feb4f8eb80e9f02595ccfd85a51b69
- SHA1
  
  5ab52eb607575c44a64afbbac0f2ca12af696500
- SHA256
  
  502d9d30c00e3fefd740634b408fe446dcfc703e5029dd7bc53d00bd051262a2
- SHA512
  
  8894414f408cc1ca2405dbcbbf860fdcb67cb377f7bde9c75cc5385a2f7a9f7ec498054b83b206c89e1443b5588d333094cc2506390ee080b6209c9d4e5d8217
- SSDEEP
  
  3072:0MdMOtaCoecOd4IFEt0qM2e/0sb6Mzqjq6dGZEmAh6AbP4FQNHZ:0/vyc+4IeFMqsuMSdGlAwAbwC
Score

10^/10

gootkit 2856 banker botnet trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit2856bankerbotnettrojan

behavioral2

gootkit2856bankerbotnettrojan