General
Target: gootloader_payload.js
Size: 323KB
Sample: 220725-nwp5hsdhgn
MD5: c4526e9525644a49c81d461ad7976ed8
SHA1: 505dc8617f15dbc54dabe38c73e36c7c4cebc5ac
SHA256: 7af49f898e175a7c96600fd26dc747953d6ddbcc18a21694f72176e52734c5a3
SHA512: 2cc8828df15757ae4b08c05d439b4c82585cb20fd2d6567b577f92da41c19aa96c66edc0fb9437447c407acb131480f0f8188bb6a0aa5a521fab5725b96c8317
Static task: static1
Behavioral task: behavioral1 (sample gootloader_payload.js, resource win7-20220718-en)
Behavioral task: behavioral2 (sample gootloader_payload.js, resource win10v2004-20220722-en)
Malware Config
Extracted family: icedid
Extracted values: 2442462831, cootembrast.com
Targets
Target: gootloader_payload.js
Score: 10/10
Signatures:
Blocklisted process makes network request
Checks computer location settings (looks up country code configured in the registry, likely geofence)
Suspicious use of SetThreadContext