gootloader | 893e44e4ad2e74f043af938b237ed08526a11a7c5eff8a4f84667543947f7292 | Triage

Submit
Reports

Overview

overview

Static

static

1

flat posse...384.js

windows7-x64

flat posse...384.js

windows10-2004-x64

Sharing

General

Target

flat possession agreement 10384.js
Size

8.8MB
Sample

240603-ryn7saba27
MD5

4ee5d33f99e169cc4166c122764a1693
SHA1

38a08a96fe62c42340be1ff5f9a5ca0548e9bf47
SHA256

893e44e4ad2e74f043af938b237ed08526a11a7c5eff8a4f84667543947f7292
SHA512

ab1c0015c320bfdf885d792e0efb30508f03e0ff547859112b5a3ce2a051bf580cf3d51f62f4c5730d17e7a27b130dfc2384dd5874b7cab56566c3a29471ddc0
SSDEEP

49152:/ytwpCQK+O5ytwpCQK+O5ytwpCQK+O5ytwpCQK+O5ytwpCQK+O5ytwpCQK+O5ytG:f

Score

10^/10

gootloader execution loader

Static task

static1

Behavioral task

behavioral1

Sample

flat possession agreement 10384.js

Resource

win7-20240221-en

gootloader execution loader

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

flat possession agreement 10384.js

Resource

win10v2004-20240508-en

gootloader execution loader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  flat possession agreement 10384.js
- Size
  
  8.8MB
- MD5
  
  4ee5d33f99e169cc4166c122764a1693
- SHA1
  
  38a08a96fe62c42340be1ff5f9a5ca0548e9bf47
- SHA256
  
  893e44e4ad2e74f043af938b237ed08526a11a7c5eff8a4f84667543947f7292
- SHA512
  
  ab1c0015c320bfdf885d792e0efb30508f03e0ff547859112b5a3ce2a051bf580cf3d51f62f4c5730d17e7a27b130dfc2384dd5874b7cab56566c3a29471ddc0
- SSDEEP
  
  49152:/ytwpCQK+O5ytwpCQK+O5ytwpCQK+O5ytwpCQK+O5ytwpCQK+O5ytwpCQK+O5ytG:f
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader

© 2018-2025

Terms | Privacy