gootloader | 7c968be280ae9e6c8f0ee971eb7ee65f988babda748d266faf9c24966fcfb6fb | Triage

Resubmissions

31-07-2024 19:15

240731-xyl1batdpa 10

31-07-2024 19:14

240731-xxymqatdnh 10

Sharing

General

Target

Agreement_between_husband_and_wife_sample_98157.zip.7z
Size

1.9MB
Sample

240731-xxymqatdnh
MD5

34206a2b453f6fbd43f385a30fa33408
SHA1

25e594dcea9109c4d79ad35bbf138642427ab1d1
SHA256

7c968be280ae9e6c8f0ee971eb7ee65f988babda748d266faf9c24966fcfb6fb
SHA512

a9786990b8c6898af1dc008dc182cbf5ac220f4f116a920302b8c8d308186f1a815ce3ce35ec0758b98ea785e8c6deddfb947e7d9a089e7cabc2ca85bab35d75
SSDEEP

49152:tiwcS5VBWKAQJwU72FQ9BMXM/if+QbuDXKxvVSV+0K:7fWj6e8BMc/ifHBFka

Score

10^/10

gootloader execution loader

Malware Config

Targets

- Target
  
  agreement between husband and wife sample 5217.js
- Size
  
  20.5MB
- MD5
  
  ec0f178a649479022efd92b114f24f95
- SHA1
  
  7b18b2fc85fb949af3f4b372bd5b5e2fe1d8ddbf
- SHA256
  
  a4502a98e81027437e18f559775fcb89b2400f1c026409261290a00532c354a7
- SHA512
  
  35c16eaca7de7c4d6550e9b3612170671453ee502a55e78d60927846c6afb091546ec9f865e589970565d90cbd7f037f37332ceed32243bdabf70bfca8596806
- SSDEEP
  
  49152:YYRxr8uC0NjaCX3lgYRxr8uC0NjaCX3lgYRxr8uC0NjaCX3lf:x//J
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader