Analysis
  max time kernel: 148s
  max time network: 181s
  platform: windows10-2004_x64
  resource: win10v2004-20220812-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 14-09-2022 15:12
Static task
  static1
Behavioral task
  behavioral1
    Sample: united_flight_attendant_union_agreement (dkx).js
    Resource: win7-20220901-en
Behavioral task
  behavioral2
    Sample: united_flight_attendant_union_agreement (dkx).js
    Resource: win10v2004-20220812-en
General
  Target: united_flight_attendant_union_agreement (dkx).js
  Size: 291KB
  MD5: 35ea61041bd263a3a87c98059684b589
  SHA1: 8132e47d4fba9fdf0cbba9ff8345649a866cf53b
  SHA256: 64363a18c8e226200c00233cad8ba9b3089ed9663931026c0d3163350cebfefa
  SHA512: cc1148f68a5d0df49b00314b48b93f5ee92d1d58a9c9a7d8124113524bfd6d814ba1cf719929449fad0a83f909cf5ed9a68b653a5f5f88f739164fa31b1a5436
  SSDEEP: 6144:pjLfh6nicf8Z5wETdp1J4mDMz1EsnFyzjwh3zOxPdQ8kUL1IVfzHAKOk1PC:piw4mDeTFydDSVfTAKJZC
Malware Config
Signatures
  GootLoader
    JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  Blocklisted process makes network request (3 IoCs)
    Processes:
      flow  pid  process
      35    644  wscript.exe
      37    644  wscript.exe
      39    644  wscript.exe
  Script User-Agent (2 IoCs)
    Uses user-agent string associated with script host/environment.
    Processes:
      description             flow  ioc
      HTTP User-Agent header  35    Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
      HTTP User-Agent header  37    Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)