Malware Analysis Report

2024-11-30 20:55

Sample ID 220811-r477vaagb6
Target 7827676144.zip
SHA256 30b03ea83d198418654cc98d6cb0eb207c08d26ba93b1397f4938db5c0123d2f
Tags
gootloader loader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

30b03ea83d198418654cc98d6cb0eb207c08d26ba93b1397f4938db5c0123d2f

Threat Level: Known bad

The file 7827676144.zip was found to be: Known bad.

Malicious Activity Summary

gootloader loader

GootLoader

Blocklisted process makes network request

Script User-Agent

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-08-11 14:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-08-11 14:45

Reported

2022-08-11 14:51

Platform

win10-20220414-en

Max time kernel

198s

Max time network

202s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\c56f28cfa52beba254f1063b7354ab24a2122912721734a5f4ac16ce16e236c7.js

Signatures

GootLoader

loader gootloader

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\wscript.exe N/A
N/A N/A C:\Windows\system32\wscript.exe N/A
N/A N/A C:\Windows\system32\wscript.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\c56f28cfa52beba254f1063b7354ab24a2122912721734a5f4ac16ce16e236c7.js

Network

Country Destination Domain Proto
GB 51.132.193.105:443 tcp
US 8.8.8.8:53 www.ludovicmarque.fr udp
N/A 100.89.3.95:443 www.ludovicmarque.fr tcp
US 8.8.8.8:53 www.lucianofranz.it udp
N/A 100.96.27.131:443 www.lucianofranz.it tcp
US 8.8.8.8:53 www.leichtathletik-igersheim.de udp
N/A 100.119.84.155:443 www.leichtathletik-igersheim.de tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Reported

0001-01-01 00:00

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A