General

  • Target

    e561ae3cedb6f9fc0ecff559c62788b0_JaffaCakes118

  • Size

    293KB

  • Sample

    240916-xczpaaterl

  • MD5

    e561ae3cedb6f9fc0ecff559c62788b0

  • SHA1

    de34eb34e2c489386fb32dd96469e7fdcef617d9

  • SHA256

    38933984f5ff8b71c054d1c1155e308ac02377b89315ef17cea859178a30dbab

  • SHA512

    c3abd85394b75b05b2bb7c53c28e3d1309226294c16594e6704e009f49353c45de4fcf632222f55529916181ce545485d6fd26d14eecb3db91b625ba9730d757

  • SSDEEP

    6144:PbxOVKPwK8GwP5CltgOX6u99MayBg04b7TbZIb7xx9erp3CHP:j4VKPl8GBlp6u99M1LgTg7cpyv

Malware Config

Extracted

Family

gootkit

Botnet

8888

C2

sslsecurehost.com

securessl256.com

Attributes

  • vendor_id

    8888

Targets

    • Gootkit

      Gootkit is a banking trojan, large parts of which are written in Node.js.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks