Analysis
max time kernel: 170s
max time network: 173s
platform: windows10-1703_x64
resource: win10-20220901-en
resource tags: arch:x64, arch:x86, image:win10-20220901-en, locale:en-us, os:windows10-1703-x64, system
submitted: 12-09-2022 12:25
Static task: static1
Behavioral task: behavioral1
Sample: bf5f4dd36c1f03e7e4a8b7722151396f6a2ecb2ab6b5440ed71902c92503cca1.js
Resource: win10-20220901-en
General
Target: bf5f4dd36c1f03e7e4a8b7722151396f6a2ecb2ab6b5440ed71902c92503cca1.js
Size: 483KB
MD5: 3b0f682247b07a620a59b6f5c868c53e
SHA1: ca8ee9223284192825141dceca0151d388f70869
SHA256: bf5f4dd36c1f03e7e4a8b7722151396f6a2ecb2ab6b5440ed71902c92503cca1
SHA512: 9336e82d970adef2c29c48384c87baf2c0a20d33fd114988ad10960eb4828c4d7bd4503fd3d426426ce0e0fc618b10891e738d9da9ef077de84254778cb3b881
SSDEEP: 6144:4Q9XGCulaxl4khEfD3HA7Wiagmd4iLAmWR6gS+:GWhEfD3Hviagmd4iLAmWR6W
Malware Config
Signatures

GootLoader
JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike.

Blocklisted process makes network request (3 IoCs)
Processes:
flow  pid   process
7     4824  wscript.exe
9     4824  wscript.exe
11    4824  wscript.exe

Script User-Agent (3 IoCs)
Uses user-agent string associated with script host/environment.
Processes:
description             flow  ioc
HTTP User-Agent header  7     Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header  9     Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header  11    Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)