gootloader | 6856f03ce955ec584efb9329604476a88e798aea8907fc104fedbdaefd196b8a | Triage

Resubmissions

23-07-2024 13:00

240723-p8xwka1cqm 10

22-07-2024 19:52

240722-ylcfsavekf 10

Sharing

General

Target

Reflection_questions_on_the_four_agreements_5629.zip
Size

1.3MB
Sample

240722-ylcfsavekf
MD5

c6e15465097789b41d0ccb3cac06c2b2
SHA1

5b9650dca11ecb76921f234c50facc1d0f4c69d5
SHA256

6856f03ce955ec584efb9329604476a88e798aea8907fc104fedbdaefd196b8a
SHA512

30c25d63eeab40a24995b937a5f2ba2175fb3556c611e98ad57f721d5afcc725c49f0bcfa43626db1f6cbd537fee554e934cfb401b53b25726d14b962558ec34
SSDEEP

24576:cvv771qryQyXFXq2XsHh/mY/k/feDcbPsCEbyYf5MtTrT4UXUQ:cvvfkn+Q2XsHhux4crsCEbykErT4G

Score

10^/10

gootloader execution loader

Malware Config

Targets

- Target
  
  Reflection_questions_on_the_four_agreements_5629.zip
- Size
  
  1.3MB
- MD5
  
  c6e15465097789b41d0ccb3cac06c2b2
- SHA1
  
  5b9650dca11ecb76921f234c50facc1d0f4c69d5
- SHA256
  
  6856f03ce955ec584efb9329604476a88e798aea8907fc104fedbdaefd196b8a
- SHA512
  
  30c25d63eeab40a24995b937a5f2ba2175fb3556c611e98ad57f721d5afcc725c49f0bcfa43626db1f6cbd537fee554e934cfb401b53b25726d14b962558ec34
- SSDEEP
  
  24576:cvv771qryQyXFXq2XsHh/mY/k/feDcbPsCEbyYf5MtTrT4UXUQ:cvvfkn+Q2XsHhux4crsCEbykErT4G
Score

1^/10
behavioral1 behavioral2
- Target
  
  reflection questions on the four agreements 43823.js
- Size
  
  13.7MB
- MD5
  
  fca44493fbf8c1ad59955b8d81ab4e62
- SHA1
  
  f553326b45c6d2a4951397a0fc86aa99890fe0bb
- SHA256
  
  eea34f04316b1b597c628f1d1d55d99a47f8a4e6a86931a9451da245067de505
- SHA512
  
  3a139a85765c0f744744e236a3d7588c77a1a5a21a4d52350bee3b65319b51a723769051d6da184f75f01f29e11744097b039504d24593581f1fa25c8f6071f8
- SSDEEP
  
  49152:YYRxr8uC0NjaCXtXgYRxr8uC0NjaCXtXf:v3P
Score

10^/10

execution gootloader loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

gootloaderexecutionloader