gootloader | aaf4a9b61fd713d89d7b78de434e4b8de59839ce8aea4060484dba6b2708b39d | Triage

Submit
Reports

Overview

overview

Static

static

1

service le...271.js

windows7-x64

3

service le...271.js

windows10-2004-x64

Sharing

General

Target

service level agreement laboratory 64271.js
Size

9.9MB
Sample

240614-rsar7svakd
MD5

1fafa2f20a18a11a58965191edd3eb7b
SHA1

83d983d6af64d7d9e156273507e0c8706aaf51b6
SHA256

aaf4a9b61fd713d89d7b78de434e4b8de59839ce8aea4060484dba6b2708b39d
SHA512

e60bb48d3e695d89748bdd4420fe42137c09229c4df6d7d24040124bda9357d89800fed41402fdf0d1a85a2b44fb89e3f94a0464f11f69ff3245c8ae5c4dec40
SSDEEP

49152:FUytwpCQK+szUytwpCQK+szUytwpCQK+szUytwpCQK+szUytwpCQK+szUytwpCQw:FRRRRRRRRr

Score

10^/10

gootloader execution loader

Static task

static1

Behavioral task

behavioral1

Sample

service level agreement laboratory 64271.js

Resource

win7-20240611-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

service level agreement laboratory 64271.js

Resource

win10v2004-20240508-en

gootloader execution loader

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  service level agreement laboratory 64271.js
- Size
  
  9.9MB
- MD5
  
  1fafa2f20a18a11a58965191edd3eb7b
- SHA1
  
  83d983d6af64d7d9e156273507e0c8706aaf51b6
- SHA256
  
  aaf4a9b61fd713d89d7b78de434e4b8de59839ce8aea4060484dba6b2708b39d
- SHA512
  
  e60bb48d3e695d89748bdd4420fe42137c09229c4df6d7d24040124bda9357d89800fed41402fdf0d1a85a2b44fb89e3f94a0464f11f69ff3245c8ae5c4dec40
- SSDEEP
  
  49152:FUytwpCQK+szUytwpCQK+szUytwpCQK+szUytwpCQK+szUytwpCQK+szUytwpCQw:FRRRRRRRRr
Score

10^/10

execution gootloader loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gootloaderexecutionloader

© 2018-2024

Terms | Privacy