General

  • Target

    0f5d09fb71d168f3bd2c0a236a2810564568b1e0df8f2567c2c9029ef6327f3e

  • Size

    27.4MB

  • Sample

    240730-q7da7ssckp

  • MD5

    ea896e481568829f6f59098f4f584f7f

  • SHA1

    b39c3eb087e42018b1ab740eeb196aeda00ec245

  • SHA256

    0f5d09fb71d168f3bd2c0a236a2810564568b1e0df8f2567c2c9029ef6327f3e

  • SHA512

    5533fbea0d70da197c435a1081006b14a8a6453ecfd032b94515dbc897a1730c3feefe76ef2dca8eb3505f5113a23d59b1e7891f5131ad860709395c3264929a

  • SSDEEP

    49152:YYRxr8uC0NjaCXB/gYRxr8uC0NjaCXB/gYRxr8uC0NjaCXB/gYRxr8uC0NjaCXBH:LrrrH

Malware Config

Targets

    • Target

      0f5d09fb71d168f3bd2c0a236a2810564568b1e0df8f2567c2c9029ef6327f3e

    • Size

      27.4MB

    • MD5

      ea896e481568829f6f59098f4f584f7f

    • SHA1

      b39c3eb087e42018b1ab740eeb196aeda00ec245

    • SHA256

      0f5d09fb71d168f3bd2c0a236a2810564568b1e0df8f2567c2c9029ef6327f3e

    • SHA512

      5533fbea0d70da197c435a1081006b14a8a6453ecfd032b94515dbc897a1730c3feefe76ef2dca8eb3505f5113a23d59b1e7891f5131ad860709395c3264929a

    • SSDEEP

      49152:YYRxr8uC0NjaCXB/gYRxr8uC0NjaCXB/gYRxr8uC0NjaCXB/gYRxr8uC0NjaCXBH:LrrrH

    • GootLoader

      JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks