gootloader | b44a1716a44b9c36136eded884f109548edfe605613cc92bf039b9bfe7052ff4 | Triage

Resubmissions

25-05-2024 10:03

240525-l3qzaadb3y 10

25-05-2024 09:57

240525-ly41cada8z 10

Sharing

General

Target

Are_flares_legal_uk_46331.zip
Size

1.1MB
Sample

240525-ly41cada8z
MD5

f9496b44adbbd66ec9e419708d4ebb56
SHA1

510fcdd700750a3da32339615eb0680a828bd23b
SHA256

b44a1716a44b9c36136eded884f109548edfe605613cc92bf039b9bfe7052ff4
SHA512

bef6336884ef9067802fee6bd4ab54a469c9fbe89de702a919e268fd598540421272859956d89be36b74a3a71b925d71ba520ea79fc96f95fe9ad9b2ca8dd9e1
SSDEEP

12288:Njyl52HUZ2W3qFjTGCL5zTG7EdvRKo3SrNGmJ7j0sMrF3rpilPEcAdm067SgPS:NjeKNFzfKx5G6lMvAeI067S

Score

10^/10

gootloader execution loader

Malware Config

Targets

- Target
  
  are flares legal uk 1210.js
- Size
  
  4.4MB
- MD5
  
  92845fcec6241a5f166f082b074f17ff
- SHA1
  
  c36a8f4a92e8f2982af6bab52c2f0dd0e92e1f72
- SHA256
  
  b730fce1dc9df3354e38373a37d5b3f1d1f587db85f19d7106aa7a2a392430c2
- SHA512
  
  70e7ad68de0da324a13e5f20068ae555ca8b589862aa8472efd6224b119d3d9fa53dae36f1e5a27c93a7b21150a44c29fae272469c652ef17fabe2584671f666
- SSDEEP
  
  49152:yytwpCQK+lIytwpCQK+lIytwpCQK+lIytwpCQK+lp:n
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader