gootloader | 7295df0ef1b016cf6964ed3096b4b49d659975fe490195bb9f800aea226e5db1 | Triage

Submit
Reports

Overview

overview

Static

static

1

7295df0ef1...db1.js

windows7-x64

7295df0ef1...db1.js

windows10-2004-x64

Sharing

General

Target

7295df0ef1b016cf6964ed3096b4b49d659975fe490195bb9f800aea226e5db1
Size

5.5MB
Sample

240517-m7zyesfc42
MD5

244bd6ec0a809bec654585c35aae3aed
SHA1

299a118feac2b72c7b65918c07c69ee271750475
SHA256

7295df0ef1b016cf6964ed3096b4b49d659975fe490195bb9f800aea226e5db1
SHA512

57cb95d639d5a497f9609c9b93c42e86ddd0b90fe0add3fad149c00a1dcad67afcd73950bea84577d2efb3dec3a2c25a74e2f4dd0788ae5600d01e7ba3826330
SSDEEP

49152:2ytwpCQK+V8ytwpCQK+V8ytwpCQK+V8ytwpCQK+V8ytwpCQK+Vp:+

Score

10^/10

gootloader execution loader

Static task

static1

Behavioral task

behavioral1

Sample

7295df0ef1b016cf6964ed3096b4b49d659975fe490195bb9f800aea226e5db1.js

Resource

win7-20240221-en

gootloader execution loader

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

7295df0ef1b016cf6964ed3096b4b49d659975fe490195bb9f800aea226e5db1.js

Resource

win10v2004-20240508-en

gootloader execution loader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  7295df0ef1b016cf6964ed3096b4b49d659975fe490195bb9f800aea226e5db1
- Size
  
  5.5MB
- MD5
  
  244bd6ec0a809bec654585c35aae3aed
- SHA1
  
  299a118feac2b72c7b65918c07c69ee271750475
- SHA256
  
  7295df0ef1b016cf6964ed3096b4b49d659975fe490195bb9f800aea226e5db1
- SHA512
  
  57cb95d639d5a497f9609c9b93c42e86ddd0b90fe0add3fad149c00a1dcad67afcd73950bea84577d2efb3dec3a2c25a74e2f4dd0788ae5600d01e7ba3826330
- SSDEEP
  
  49152:2ytwpCQK+V8ytwpCQK+V8ytwpCQK+V8ytwpCQK+V8ytwpCQK+Vp:+
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader

© 2018-2024

Terms | Privacy