General

  • Target

    13-September-7996136135.zip

  • Size

    395KB

  • Sample

    220913-p5aa4affc6

  • MD5

    4661b1442a0542799e80006f0d71434e

  • SHA1

    9962772231c6d216e46932729b95cd48301390e6

  • SHA256

    60fb7d5d08e4b91eb6978af3bcf3cc0143834fe0e98c7c3a7af7f7d52084e961

  • SHA512

    0df6786940c67df19b99438f0a125008bcddc372f37a20fd59bfbf50afd4f38fd2f6e7aa23518bf5a6ae269ff91eaf7b8a97de8dcf97c98e213fc6b079b18c35

  • SSDEEP

    12288:hmGyplHJfSFQJoCn46Bj0J3sPBe0TnPqI6Ww:gTnFkfCn4EjkyDe7T

Score
10/10

Malware Config

Targets

    • Target

      Agreement_of_guiding_principles_(property_insurance) (envph).js

    • Size

      483KB

    • MD5

      5f244e629f304cfa708a430457d7f28b

    • SHA1

      ddd30b83da125316a01d2d1a58c9ca958ce1e536

    • SHA256

      e5b9b96238ad4b273421fb5fa05765538633979f825ef2a529e6feced1b9bd01

    • SHA512

      2098c953e843938af617913bdcac367066794841668f436e05c2c27cb358b1e75fd9189a87b3a4a6b71b74730a55b3103c10667bdd7591a1fdd4d7296f118ce6

    • SSDEEP

      6144:EQmXQpulaxl44hEfDnxA7Viagmd4iLAmWR6xSF:pvhEfDnxmiagmd4iLAmWR6u

    Score
    10/10
    • GootLoader

      JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike.

    • Blocklisted process makes network request

    • Target

      How_to_fill_t1-ovp_form (owvv).js

    • Size

      483KB

    • MD5

      6962b25999460084e0556b0482067eff

    • SHA1

      354bc001089e5a4e9c4352b95bbf26d25858d2e6

    • SHA256

      02e477b52df4ea910526f3bad988aeaabcb2ac4d5e98b4cbc47a4c36b32acf4f

    • SHA512

      3d2fd051ee5d68a4eec4486c71914dd05010c75f9fb810258a6f78e3dab59996baed690d85a76f220b432e5ad3e88a1fb6347e0fc3e414da19c859c91a737113

    • SSDEEP

      6144:xQW+tTulaxl4khEfD3xA7cGiagmd7iLAmWH6WSF:ChhEfD3xVGiagmd7iLAmWH6T

    Score
    10/10
    • GootLoader

      JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike.

    • Blocklisted process makes network request

    • Target

      Iowa_uniform_premarital_agreement_act (ashi).js

    • Size

      483KB

    • MD5

      2a7e6581759011ecddedac7800afef34

    • SHA1

      3c7bccab2789a97a511bcc34acd9a20402f491e7

    • SHA256

      8869891e2142771fc5457c26edc1192022704647e0ce6b4d06b6c238b8e1cd2e

    • SHA512

      e2b3447f8a1b3b12651801f7cc0e866a385111af8e4644ebaf0d8523f6d29f6add598c27c3afec2f50fae304008767a8505a391605ed32cfcb84576cdd81fb2f

    • SSDEEP

      6144:+6Q/XSQulaxl4khEfD3hz7qiagmd4iLAmW96hGF:+qMhEfD3hCiagmd4iLAmW96y

    Score
    10/10
    • GootLoader

      JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike.

    • Blocklisted process makes network request

    • Target

      Alberta_painting_collective_agreement (bycs).js

    • Size

      483KB

    • MD5

      4ba91d567be33c97f2256dfeac4db2ad

    • SHA1

      f60a79c0002daf7933b1cd0ec13eb533eeae83e3

    • SHA256

      c2e6a362109e81acdb8d01c57a9bd898e6178254329c8b64be95e26543e225b5

    • SHA512

      05d053c4a70e68d7a178cb69161d03d1e549be1871d5bc355590c8f41b6230eb4da1ec8b88cf9805cbefff85325cc4d0e2030a53b7a14adcee60e1e4c3f0bf1e

    • SSDEEP

      6144:QQparEula2l4khEfD3xA7Xiagmd4iLAmWR6GSF:a3hEfD3x+iagmd4iLAmWR6j

    Score
    10/10
    • GootLoader

      JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike.

    • Blocklisted process makes network request
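
The archive above carries four GootLoader lures that share one naming pattern (a document-style title, a space, a short lowercase token in parentheses, a .js extension). The following helper is an added example, not part of the original report or of any sandbox's code: it enumerates a ZIP in memory without extracting to disk, hashes each member, flags members whose name matches that lure pattern, and checks each SHA-256 against the four values transcribed from the report. The lure-name regular expression is an assumption derived only from the four filenames listed here, not a published signature, and the sample archive it builds holds constructed placeholder bytes, not the real payload, so its hashes will not match the report's.

```python
import hashlib
import io
import re
import zipfile

# SHA-256 values transcribed from the report above (the four .js members).
KNOWN_SHA256 = {
    "e5b9b96238ad4b273421fb5fa05765538633979f825ef2a529e6feced1b9bd01",
    "02e477b52df4ea910526f3bad988aeaabcb2ac4d5e98b4cbc47a4c36b32acf4f",
    "8869891e2142771fc5457c26edc1192022704647e0ce6b4d06b6c238b8e1cd2e",
    "c2e6a362109e81acdb8d01c57a9bd898e6178254329c8b64be95e26543e225b5",
}

# Assumption: lure names look like "<title> (<token>).js", as in the four
# filenames on this page. Derived from those names only; not a published rule.
LURE_NAME_RE = re.compile(r"^[A-Za-z0-9_()\-]+ \([a-z]+\)\.js$")


def is_lure_name(name):
    """True if the basename matches the lure naming pattern seen in this report."""
    return LURE_NAME_RE.match(name.rsplit("/", 1)[-1]) is not None


def hash_bytes(data):
    """Return the four digests the report lists for each member."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def triage_zip(zip_bytes, known_sha256=KNOWN_SHA256, max_member_size=16 * 1024 * 1024):
    """Enumerate members in memory (nothing is written to disk) and return findings.

    Members larger than max_member_size are skipped rather than read, as a
    guard against decompression bombs.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > max_member_size:
                findings.append({"name": info.filename, "skipped": "too large"})
                continue
            data = zf.read(info)
            digests = hash_bytes(data)
            findings.append({
                "name": info.filename,
                "size": len(data),
                "lure_name": is_lure_name(info.filename),
                "known_ioc": digests["sha256"] in known_sha256,
                **digests,
            })
    return findings


def build_constructed_sample():
    """Constructed stand-in for the report's archive: placeholder bytes, not GootLoader."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("How_to_fill_t1-ovp_form (owvv).js", "// placeholder, not GootLoader\n")
        zf.writestr("readme.txt", "benign text\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_constructed_sample()):
        print(finding)
```

Run it against the real archive by passing the file's bytes to triage_zip; a member whose known_ioc is True matches one of the four hashes above, while lure_name alone only indicates the naming pattern and is not proof of GootLoader on its own.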
