gootloader | 34fa85f029342b00dc2887280668014b7317d2d9bfb26bafd95a353e9a44d404 | Triage

Submit
Reports

Overview

overview

Static

static

1

34fa85f029...404.js

windows7-x64

34fa85f029...404.js

windows10-2004-x64

Sharing

General

Target

34fa85f029342b00dc2887280668014b7317d2d9bfb26bafd95a353e9a44d404
Size

13.7MB
Sample

240724-rtv5jatera
MD5

09f808a8e6517ec82c2753ed19ac734d
SHA1

85abf5a92fc8e84ec3cd018b3344b36e727facdd
SHA256

34fa85f029342b00dc2887280668014b7317d2d9bfb26bafd95a353e9a44d404
SHA512

ea94fff7d2c84270dafe079ccd5b9f549e0fa9f3fd6644f01634e1fc7e701e9ce2cd3f6a6387415290919f421a1fb98a3f62c02600e0c8ddafd71a5941be5d7e
SSDEEP

49152:YYRxr8uC0NjaCXkrCKgYRxr8uC0NjaCXkrCKf:eCz

Score

10^/10

gootloader execution loader

Static task

static1

Behavioral task

behavioral1

Sample

34fa85f029342b00dc2887280668014b7317d2d9bfb26bafd95a353e9a44d404.js

Resource

win7-20240708-en

gootloader execution loader

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

34fa85f029342b00dc2887280668014b7317d2d9bfb26bafd95a353e9a44d404.js

Resource

win10v2004-20240709-en

gootloader execution loader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  34fa85f029342b00dc2887280668014b7317d2d9bfb26bafd95a353e9a44d404
- Size
  
  13.7MB
- MD5
  
  09f808a8e6517ec82c2753ed19ac734d
- SHA1
  
  85abf5a92fc8e84ec3cd018b3344b36e727facdd
- SHA256
  
  34fa85f029342b00dc2887280668014b7317d2d9bfb26bafd95a353e9a44d404
- SHA512
  
  ea94fff7d2c84270dafe079ccd5b9f549e0fa9f3fd6644f01634e1fc7e701e9ce2cd3f6a6387415290919f421a1fb98a3f62c02600e0c8ddafd71a5941be5d7e
- SSDEEP
  
  49152:YYRxr8uC0NjaCXkrCKgYRxr8uC0NjaCXkrCKf:eCz
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader

© 2018-2024

Terms | Privacy