gootkit | f52720305e8cd88c48de5eecd5965983d48693e4c693e3f82cfa48f1f2edfd78 | Triage

Sharing

General

Target

cb47db092132c66ed0ed6d705cacd72c_JaffaCakes118
Size

362KB
Sample

240830-vqlngawdpr
MD5

cb47db092132c66ed0ed6d705cacd72c
SHA1

884cdfb481b5f38485d7844b015728665eedcc51
SHA256

f52720305e8cd88c48de5eecd5965983d48693e4c693e3f82cfa48f1f2edfd78
SHA512

84b58ff20a057ac4804f7bc2e170c9bfc14227a36bd1b02d738a36c5baf39e478f7fa34718ddce9a760d1e8d0c59442a33b4664d9ea0252ac254e30c67f7a18e
SSDEEP

6144:up2jrNSfUetDI1LdsVifhSMQ35HpYHYpOPYN8v:y2/NyUeJI1LdsHMQpHp9UYN8v

Score

10^/10

gootkit 1235 banker botnet discovery trojan

Malware Config

Extracted

Family

gootkit

Botnet

1235

C2

zalipon.wollega.com

trussardi.qunamti.com

luga5lindalupina.com

Attributes

vendor_id
1235

Targets

- Target
  
  cb47db092132c66ed0ed6d705cacd72c_JaffaCakes118
- Size
  
  362KB
- MD5
  
  cb47db092132c66ed0ed6d705cacd72c
- SHA1
  
  884cdfb481b5f38485d7844b015728665eedcc51
- SHA256
  
  f52720305e8cd88c48de5eecd5965983d48693e4c693e3f82cfa48f1f2edfd78
- SHA512
  
  84b58ff20a057ac4804f7bc2e170c9bfc14227a36bd1b02d738a36c5baf39e478f7fa34718ddce9a760d1e8d0c59442a33b4664d9ea0252ac254e30c67f7a18e
- SSDEEP
  
  6144:up2jrNSfUetDI1LdsVifhSMQ35HpYHYpOPYN8v:y2/NyUeJI1LdsHMQpHp9UYN8v
Score

10^/10

gootkit 1235 banker botnet discovery trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit1235bankerbotnetdiscoverytrojan

behavioral2

gootkit1235bankerbotnetdiscoverytrojan