gootloader | 666e249275d61963bf4220af39016a2d11ac30c6a27d0503179625636665bae6

Analysis

max time kernel
180s
max time network
182s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
29-09-2022 10:29

Target

7816c4bdfcabb5448fe46631a91ddc0d98fb0513d7d943463ca2b1a6ca01bc57.js
Size

483KB
MD5

c746d4689bc3110012e141d167a3da5d
SHA1

4aa455a5914df357ea0821b4b2b6cf6216746d95
SHA256

7816c4bdfcabb5448fe46631a91ddc0d98fb0513d7d943463ca2b1a6ca01bc57
SHA512

f321bd439db19c2639a66b3e881b61bfbb3090845f89e5b94dcee983b10290a66befc9a5d37f65f386c37d7129ef17aed2f3b3c449f98dc6a5ae03829082397c
SSDEEP

6144:ZQ2YXSTulaxl4khEfD1Dn7Giagmd4iLAmWR6b5F:fRhhEfD1Daiagmd4iLAmWR67

Score

10^/10

gootloader loader

GootLoader
JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
loader gootloader
Blocklisted process makes network request 3 IoCs

Processes:

wscript.exe

flow pid process

6 2764 wscript.exe
8 2764 wscript.exe
10 2764 wscript.exe

Script User-Agent 3 IoCs

Uses user-agent string associated with script host/environment.

Processes:

description	flow	ioc
HTTP User-Agent header	6	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	8	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	10	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\7816c4bdfcabb5448fe46631a91ddc0d98fb0513d7d943463ca2b1a6ca01bc57.js
1⤵
- Blocklisted process makes network request
PID:2764