gootloader | b19b5c27a4a4120cd9ad8a3d7560a861e07580db9a83804f1442c7e14c449dda | Triage

Sharing

General

Target

INTERN~1.JS
Size

43.7MB
Sample

240621-qhspla1dqg
MD5

835e5d705a9a169f4025e1349b7a187f
SHA1

0e12a2f1fba539453910095ee3667a4661718f50
SHA256

b19b5c27a4a4120cd9ad8a3d7560a861e07580db9a83804f1442c7e14c449dda
SHA512

20315db091592bbef125b124151c70d7b59c2b2c4ab26ff22fca17c26c2ddf086c1702db362152c8567aef9dc9637ea7fad7a6b14abfd7cc37ab5fab32b1ff27
SSDEEP

12288:oLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjc:n

Score

10^/10

gootloader execution loader

Malware Config

Targets

- Target
  
  INTERN~1.JS
- Size
  
  43.7MB
- MD5
  
  835e5d705a9a169f4025e1349b7a187f
- SHA1
  
  0e12a2f1fba539453910095ee3667a4661718f50
- SHA256
  
  b19b5c27a4a4120cd9ad8a3d7560a861e07580db9a83804f1442c7e14c449dda
- SHA512
  
  20315db091592bbef125b124151c70d7b59c2b2c4ab26ff22fca17c26c2ddf086c1702db362152c8567aef9dc9637ea7fad7a6b14abfd7cc37ab5fab32b1ff27
- SSDEEP
  
  12288:oLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjnLjc:n
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader