gootloader | 45b94b75ea5b56e535d44bfcdac0fb5ed1784db8faecb8e629a59d8b8d362cdd | Triage

Submit
Reports

Overview

overview

Static

static

1

45b94b75ea...cdd.js

windows7-x64

45b94b75ea...cdd.js

windows10-2004-x64

Sharing

General

Target

45b94b75ea5b56e535d44bfcdac0fb5ed1784db8faecb8e629a59d8b8d362cdd
Size

5.5MB
Sample

240518-nd85nsgg42
MD5

010628900783c8891b50fb5ccd7c7b81
SHA1

26f472ecba31231793c618ac67706c37cce6c438
SHA256

45b94b75ea5b56e535d44bfcdac0fb5ed1784db8faecb8e629a59d8b8d362cdd
SHA512

dd43e7cd8f6018c460a6f5689eeec5a5f693c198bc8e6379f76ff2b04c006ebbf3e0cc8895c865c8c945012220855756efb0650496b9b8c2393dbef2bea42784
SSDEEP

49152:WytwpCQK+nAytwpCQK+nAytwpCQK+nAytwpCQK+nAytwpCQK+np:K

Score

10^/10

gootloader execution loader

Static task

static1

Behavioral task

behavioral1

Sample

45b94b75ea5b56e535d44bfcdac0fb5ed1784db8faecb8e629a59d8b8d362cdd.js

Resource

win7-20240508-en

gootloader execution loader

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

45b94b75ea5b56e535d44bfcdac0fb5ed1784db8faecb8e629a59d8b8d362cdd.js

Resource

win10v2004-20240426-en

gootloader execution loader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  45b94b75ea5b56e535d44bfcdac0fb5ed1784db8faecb8e629a59d8b8d362cdd
- Size
  
  5.5MB
- MD5
  
  010628900783c8891b50fb5ccd7c7b81
- SHA1
  
  26f472ecba31231793c618ac67706c37cce6c438
- SHA256
  
  45b94b75ea5b56e535d44bfcdac0fb5ed1784db8faecb8e629a59d8b8d362cdd
- SHA512
  
  dd43e7cd8f6018c460a6f5689eeec5a5f693c198bc8e6379f76ff2b04c006ebbf3e0cc8895c865c8c945012220855756efb0650496b9b8c2393dbef2bea42784
- SSDEEP
  
  49152:WytwpCQK+nAytwpCQK+nAytwpCQK+nAytwpCQK+nAytwpCQK+np:K
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader

© 2018-2024

Terms | Privacy