gootkit | b1f70bd7d0c27a06e65aae69ae221a7f77d378177bf7c1faeccaf04e3bdc861f | Triage

Sharing

General

Target

e7566bda4292061ffc04085a937aff74_JaffaCakes118
Size

102KB
Sample

240917-vzzaxsvfke
MD5

e7566bda4292061ffc04085a937aff74
SHA1

a8e7bbdcbc6fc6a26aa9a8e6c62151adbef2b873
SHA256

b1f70bd7d0c27a06e65aae69ae221a7f77d378177bf7c1faeccaf04e3bdc861f
SHA512

a08652164ed414c853fe0652074632c98c736dfe71b9f839b82a1e6ac16ac454a146de3da219419f7fb9900379701245c93678f32daf807e844050413e5d866f
SSDEEP

1536:DYEcifXxm0bcruEhOd0FI/o30CQSRXH2pGQQsVxpMLeyOIbn83qpoM2fdeZd:5dXGPuw3dQK2pGmxOLe283q0f0

Score

10^/10

gootkit 1001 banker botnet discovery trojan

Malware Config

Extracted

Family

gootkit

Botnet

1001

C2

ridgezirak.com

larinsosia.com

Attributes

vendor_id
1001

Targets

- Target
  
  e7566bda4292061ffc04085a937aff74_JaffaCakes118
- Size
  
  102KB
- MD5
  
  e7566bda4292061ffc04085a937aff74
- SHA1
  
  a8e7bbdcbc6fc6a26aa9a8e6c62151adbef2b873
- SHA256
  
  b1f70bd7d0c27a06e65aae69ae221a7f77d378177bf7c1faeccaf04e3bdc861f
- SHA512
  
  a08652164ed414c853fe0652074632c98c736dfe71b9f839b82a1e6ac16ac454a146de3da219419f7fb9900379701245c93678f32daf807e844050413e5d866f
- SSDEEP
  
  1536:DYEcifXxm0bcruEhOd0FI/o30CQSRXH2pGQQsVxpMLeyOIbn83qpoM2fdeZd:5dXGPuw3dQK2pGmxOLe283q0f0
Score

10^/10

gootkit 1001 banker botnet discovery trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit1001bankerbotnetdiscoverytrojan

behavioral2

gootkit1001bankerbotnetdiscoverytrojan