General

  • Target

    6856f03ce955ec584efb9329604476a88e798aea8907fc104fedbdaefd196b8a

  • Size

    1.3MB

  • Sample

    240722-znjhjsxepe

  • MD5

    c6e15465097789b41d0ccb3cac06c2b2

  • SHA1

    5b9650dca11ecb76921f234c50facc1d0f4c69d5

  • SHA256

    6856f03ce955ec584efb9329604476a88e798aea8907fc104fedbdaefd196b8a

  • SHA512

    30c25d63eeab40a24995b937a5f2ba2175fb3556c611e98ad57f721d5afcc725c49f0bcfa43626db1f6cbd537fee554e934cfb401b53b25726d14b962558ec34

  • SSDEEP

    24576:cvv771qryQyXFXq2XsHh/mY/k/feDcbPsCEbyYf5MtTrT4UXUQ:cvvfkn+Q2XsHhux4crsCEbykErT4G

Malware Config

Targets

    • Target

      reflection questions on the four agreements 43823.js

    • Size

      13.7MB

    • MD5

      fca44493fbf8c1ad59955b8d81ab4e62

    • SHA1

      f553326b45c6d2a4951397a0fc86aa99890fe0bb

    • SHA256

      eea34f04316b1b597c628f1d1d55d99a47f8a4e6a86931a9451da245067de505

    • SHA512

      3a139a85765c0f744744e236a3d7588c77a1a5a21a4d52350bee3b65319b51a723769051d6da184f75f01f29e11744097b039504d24593581f1fa25c8f6071f8

    • SSDEEP

      49152:YYRxr8uC0NjaCXtXgYRxr8uC0NjaCXtXf:v3P

    • GootLoader

      JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks