Analysis
- max time kernel: 150s
- max time network: 152s
- platform: windows10-1703_x64
- resource: win10-20220812-en
- resource tags: arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 29-09-2022 10:29
Static task
- static1

Behavioral tasks
Task          Sample                                                               Resource
behavioral1   0c7b24793eb977294b87af72948a38f7872744a6aeb142054d56a91646e4f16c.js  win10-20220812-en
behavioral2   1e9892e96998cf1854d5778c8ef8d738c3b30ef9ed8f182df3b6e2a0329fa191.js  win10-20220812-en
behavioral3   2a4516fba848b3ef6190f6c3235e21972c68228c943ea2e2b843d9237b690e80.js  win10-20220812-en
behavioral4   3482b8e3b2eee3a0ea5f3905fa7902074332b4077e50d86ea89a2850f7657dff.js  win10-20220901-en
behavioral5   448be4416d86334bb1d167ce8ae9f488fefe680e75d68955fbea1e36cd9309b4.js  win10-20220812-en
behavioral6   48b4247e1a28c1159b8608588212f4cf49408039704c204b93f54abad56357c9.js  win10-20220812-en
behavioral7   5fc30d2cb4ce3b291396c89bdb153c12eb3263c2e84744bb9323b2d9f4c8c460.js  win10-20220812-en
behavioral8   780451d05ca663fbe10c0eba45205a7f1570ae8b00b74d8b04b7b2c10a628b6f.js  win10-20220901-en
behavioral9   7816c4bdfcabb5448fe46631a91ddc0d98fb0513d7d943463ca2b1a6ca01bc57.js  win10-20220812-en
behavioral10  bc00599c450caca3d02adf1c35c3c6882797870c917d79059edc971c0a9ffffd.js  win10-20220812-en
General
- Target: bc00599c450caca3d02adf1c35c3c6882797870c917d79059edc971c0a9ffffd.js
- Size: 483KB
- MD5: 4519970bd4974c77a1093a6f4df43011
- SHA1: ed333af10b36ce7b7c0655b8b56a0e46b8d567cc
- SHA256: bc00599c450caca3d02adf1c35c3c6882797870c917d79059edc971c0a9ffffd
- SHA512: 4c41171a9bbc731f15e404b80627fe3bf139fa974cd1adbe6346fcc2cc2220575d8086a4dc12f5fdc48abd4d193bf650359eb316cf03b7b07a0e82df3a4044bd
- SSDEEP: 6144:DQbXQSula5l4khEfD3xA7tiagmd4iLAmW36aXF:tEhEfD3xciagmd4iLAmW360
Malware Config
Signatures
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
- Blocklisted process makes network request (3 IoCs)
  Processes:
  flow  pid   process
  10    4436  wscript.exe
  12    4436  wscript.exe
  14    4436  wscript.exe
- Script User-Agent (3 IoCs)
  Uses user-agent string associated with script host/environment.
  Processes:
  description             flow  ioc
  HTTP User-Agent header  12    Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
  HTTP User-Agent header  14    Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
  HTTP User-Agent header  10    Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)