ec9447e16c16d47402582d7c7d6b14c0c0dd722b8995773ffa09f720622b737b | Triage

Sharing

General

Target

gootloader-payload.js
Size

508KB
Sample

221027-md3r8abhbn
MD5

01c4b3a02da8f005448394fa7e365096
SHA1

fd7da899f1498d6fde58258b1a03f1a5d320857e
SHA256

ec9447e16c16d47402582d7c7d6b14c0c0dd722b8995773ffa09f720622b737b
SHA512

bb57829a59e35845106d1b2d38fd910612a4e978150f77d42f5920f56ab60e2ad6475663eb9709914d9f7a9c05c4471fc7a2160e0bb4352885a8d9bc5b14e703
SSDEEP

12288:N05ALupJX3uOwbPDLJxB6bd8lR615JyZz87MXM:N0GupJX3uLxU+Z87MXM

Score

8^/10

Malware Config

Targets

- Target
  
  gootloader-payload.js
- Size
  
  508KB
- MD5
  
  01c4b3a02da8f005448394fa7e365096
- SHA1
  
  fd7da899f1498d6fde58258b1a03f1a5d320857e
- SHA256
  
  ec9447e16c16d47402582d7c7d6b14c0c0dd722b8995773ffa09f720622b737b
- SHA512
  
  bb57829a59e35845106d1b2d38fd910612a4e978150f77d42f5920f56ab60e2ad6475663eb9709914d9f7a9c05c4471fc7a2160e0bb4352885a8d9bc5b14e703
- SSDEEP
  
  12288:N05ALupJX3uOwbPDLJxB6bd8lR615JyZz87MXM:N0GupJX3uLxU+Z87MXM
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2