gootkit | 14d150a2ea315ad6ebe5b0f6cf2093d474636c3ed7af97f5f322f56194077bf9 | Triage

Sharing

General

Target

ee6a0423ca9a7940c286a470d2db0a43_JaffaCakes118
Size

120KB
Sample

240920-zty57axgjf
MD5

ee6a0423ca9a7940c286a470d2db0a43
SHA1

5e9e110597d77b2e40e9e4b8a253eb5fb20a085d
SHA256

14d150a2ea315ad6ebe5b0f6cf2093d474636c3ed7af97f5f322f56194077bf9
SHA512

b71979e80ba0efc858712e2b5cf17568b5b57d7a6dc34435eedb344eaee1194fb01e7647fe6679c4c7e4c45096c3d3a3c19ba9476ecfd7fa5b93e522dab9b1ca
SSDEEP

3072:Z9mQrWSB/WM+dCB+IF1G6sT11I0E9TAUQ+iU2r2:Z9USBOMNBNF1cxy0E9TAUQ+iU2r2

Score

10^/10

gootkit 308 banker botnet discovery trojan

Malware Config

Extracted

Family

gootkit

Botnet

308

C2

waabitii.com

buyyou.org

pep.hheadz4life.com

trktrk.org

fields.mobi

Attributes

vendor_id
308

Targets

- Target
  
  ee6a0423ca9a7940c286a470d2db0a43_JaffaCakes118
- Size
  
  120KB
- MD5
  
  ee6a0423ca9a7940c286a470d2db0a43
- SHA1
  
  5e9e110597d77b2e40e9e4b8a253eb5fb20a085d
- SHA256
  
  14d150a2ea315ad6ebe5b0f6cf2093d474636c3ed7af97f5f322f56194077bf9
- SHA512
  
  b71979e80ba0efc858712e2b5cf17568b5b57d7a6dc34435eedb344eaee1194fb01e7647fe6679c4c7e4c45096c3d3a3c19ba9476ecfd7fa5b93e522dab9b1ca
- SSDEEP
  
  3072:Z9mQrWSB/WM+dCB+IF1G6sT11I0E9TAUQ+iU2r2:Z9USBOMNBNF1cxy0E9TAUQ+iU2r2
Score

10^/10

gootkit 308 banker botnet discovery trojan
- Gootkit
  Gootkit is a banking trojan, where large parts are written in node.JS.
  trojan banker botnet gootkit
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootkit308bankerbotnetdiscoverytrojan

behavioral2

gootkit308bankerbotnetdiscoverytrojan