General

  • Target

    836624d96a0d0e619a59ddc2ce0dac6a5afd4bd693472992d1e54bf0e4016c82

  • Size

    6.3MB

  • Sample

    240703-nvxg7s1dph

  • MD5

    23cdcf4eb7e0cbb9a410f8853af95332

  • SHA1

    c5233d698b1f3685ccf9e0eca88016e1eb8bdae5

  • SHA256

    836624d96a0d0e619a59ddc2ce0dac6a5afd4bd693472992d1e54bf0e4016c82

  • SHA512

    d6f94b4e3aa4aa7d42c1a2ac41037b61b80cea9e7d564fc5df3676f75df1ce105153261d5ff9e83a84cc8f3fc616ebda9b71f1b33be7f4cdcfdc4b73c488074c

  • SSDEEP

    196608:dtWHCWLO+nWQFMgcx7xvx1tDOkH6D6kBXYdVdY:d9Wzqx7xRarX8dY

Malware Config

Targets

    • Target

      sending legal notice via email 72935.js

    • Size

      28.9MB

    • MD5

      640da8fe1e546638738b49247a4fe9de

    • SHA1

      63c172ea5ec4adce6ebeafb4936fe9ebb394906f

    • SHA256

      6f90f50b45180f9537db95146b6e71c116fe58a777b12f825eb060441bc3f3e7

    • SHA512

      58bacfbd626663a33b9ceafffc7e40caaeece01ea95fca32adbf06096debe9450d393309516052fb312e335387df40d9dc5d6899b97925354bac73ef6eb2fda8

    • SSDEEP

      49152:W7BuzjCxb4qHlp4Bh3N0yXhxIB9z4YzYBHvG+80GI30e/oHfGSdh3qusBogUcE/Q:b

    • GootLoader

      JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.
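The two behaviour signatures above, the country-code lookup and the network request from a blocklisted process, are worth catching outside the sandbox as well. What follows is an added example, not code from the report or from the sandbox vendor: a small Python triage over constructed process-telemetry records (registry reads and outbound connections) that flags a Windows script host reading the user's configured country code and a script host opening a network connection, and reports when both appear in the same run. The registry path HKCU\Control Panel\International\Geo\Nation, the script-host set, the record format and the sample events are assumptions made for this example.

```python
"""Added example, not from the sandbox report: flag a Windows script host
reading the configured country code (geofence check) and a script host
making an outbound connection, over constructed telemetry records."""
import re

# Script hosts under which a .js lure such as this one executes.
# Assumption for this example, not taken from the report.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Registry value holding the user's configured country code
# (HKCU\Control Panel\International\Geo\Nation). Assumed here to be the
# value behind the "checks computer location settings" signature.
GEO_NATION_RE = re.compile(
    r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE
)


def image_name(path):
    """Return the lower-cased executable name from a full image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events):
    """Scan telemetry records and return (signature, image, detail) tuples.

    Each record is a dict with 'type' ('registry_read' or 'network_connect'),
    'image' (full path of the acting process) and either 'target' (registry
    path) or 'dest' (ip:port). Only script hosts are considered, so a benign
    process reading the same key does not fire.
    """
    findings = []
    for ev in events:
        img = image_name(ev["image"])
        if img not in SCRIPT_HOSTS:
            continue
        if ev["type"] == "registry_read" and GEO_NATION_RE.search(ev["target"]):
            findings.append(("geofence_lookup", img, ev["target"]))
        elif ev["type"] == "network_connect":
            findings.append(("scripthost_network", img, ev["dest"]))
    return findings


def both_behaviours_seen(findings):
    """True when one run shows the geofence lookup and a network request,
    the pairing reported for this sample."""
    sigs = {f[0] for f in findings}
    return {"geofence_lookup", "scripthost_network"} <= sigs


# Constructed sample telemetry (not from the report). 203.0.113.10 is a
# documentation-only address.
SAMPLE_EVENTS = [
    {"type": "registry_read", "image": r"C:\Windows\explorer.exe",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry_read", "image": r"C:\Windows\System32\wscript.exe",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry_read", "image": r"C:\Windows\System32\wscript.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"type": "network_connect",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest": "203.0.113.10:443"},
    {"type": "network_connect", "image": r"C:\Windows\System32\wscript.exe",
     "dest": "203.0.113.10:443"},
]

if __name__ == "__main__":
    hits = detect(SAMPLE_EVENTS)
    for sig, img, detail in hits:
        print(f"{sig:20} {img:12} {detail}")
    print("both behaviours seen:", both_behaviours_seen(hits))
```

Restricting the match to script hosts is what keeps the rule quiet: explorer.exe and browsers read the Geo\Nation value routinely, and a browser talking to the internet is not a finding, but wscript.exe doing either is unusual on most endpoints and doing both is the pattern this report describes.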

MITRE ATT&CK Enterprise v15

Tasks