gootkit | 2d5889ffe3483031ddf0b399f21af525cc491a1e7e2953324499ad21621ff19d | Triage

Sharing

General

Target

b77a4251c8c911f7993594bff83caa7f_JaffaCakes118
Size

208KB
Sample

240822-nqyjpsvcph
MD5

b77a4251c8c911f7993594bff83caa7f
SHA1

84069ced6e48ed80d2f73d72dce8db390aa21375
SHA256

2d5889ffe3483031ddf0b399f21af525cc491a1e7e2953324499ad21621ff19d
SHA512

7e3a6e7bd311683d388049fe126ff49986576be71e89e17a94545e7a19a5c8a9d11973e89c94d3c59ad2da37c3dee277eb3f266bb39e73399caca72e44a17a92
SSDEEP

3072:YfuPA1GTvoVBPjR74Z5kDx0iLNGoZU8RIXyXLidZ2Nu3ATf:USsfPdMH2zLNGoa8RUyeA

Score

10^/10

gootkit 7 banker botnet discovery trojan

Malware Config

Extracted

Family

gootkit

Botnet

7

C2

dotmaildot.org

domodotmail.org

dotatmailorg.com

domosedov.com

Attributes

vendor_id
7

Targets

- Target
  
  b77a4251c8c911f7993594bff83caa7f_JaffaCakes118
- Size
  
  208KB
- MD5
  
  b77a4251c8c911f7993594bff83caa7f
- SHA1
  
  84069ced6e48ed80d2f73d72dce8db390aa21375
- SHA256
  
  2d5889ffe3483031ddf0b399f21af525cc491a1e7e2953324499ad21621ff19d
- SHA512
  
  7e3a6e7bd311683d388049fe126ff49986576be71e89e17a94545e7a19a5c8a9d11973e89c94d3c59ad2da37c3dee277eb3f266bb39e73399caca72e44a17a92
- SSDEEP
  
  3072:YfuPA1GTvoVBPjR74Z5kDx0iLNGoZU8RIXyXLidZ2Nu3ATf:USsfPdMH2zLNGoa8RUyeA
Score

10^/10

gootkit 7 banker botnet discovery trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit7bankerbotnetdiscoverytrojan

behavioral2

gootkit7bankerbotnetdiscoverytrojan