gootloader | 197ed83ce1040c1b5186b475e91435ae71fef0eebbbee169baa18ca2e06fef51 | Triage

Submit
Reports

Overview

overview

Static

static

1

government...438.js

windows7-x64

government...438.js

windows10-2004-x64

Sharing

General

Target

governmentofbccollectiveagreement70438.js
Size

13.7MB
Sample

240803-qh43matgnr
MD5

535f247771721e4bc9e5d4794cdf5be7
SHA1

b8a5ee57a6e2a676bae254fd98e3a67825f52f69
SHA256

197ed83ce1040c1b5186b475e91435ae71fef0eebbbee169baa18ca2e06fef51
SHA512

0e8aedda277036227010938194a555dc5b388c5c3ff808635730a6efc86d0ce449ad432d929644261c350159f9c83991ccb5d5473f4b9f2d8af5f9f72fc28ca6
SSDEEP

49152:YYRxr8uC0NjaCXan1IgYRxr8uC0NjaCXan1If:An1Tn1g

Score

10^/10

gootloader execution loader

Static task

static1

Behavioral task

behavioral1

Sample

governmentofbccollectiveagreement70438.js

Resource

win7-20240704-en

gootloader execution loader

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

governmentofbccollectiveagreement70438.js

Resource

win10v2004-20240802-en

gootloader execution loader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  governmentofbccollectiveagreement70438.js
- Size
  
  13.7MB
- MD5
  
  535f247771721e4bc9e5d4794cdf5be7
- SHA1
  
  b8a5ee57a6e2a676bae254fd98e3a67825f52f69
- SHA256
  
  197ed83ce1040c1b5186b475e91435ae71fef0eebbbee169baa18ca2e06fef51
- SHA512
  
  0e8aedda277036227010938194a555dc5b388c5c3ff808635730a6efc86d0ce449ad432d929644261c350159f9c83991ccb5d5473f4b9f2d8af5f9f72fc28ca6
- SSDEEP
  
  49152:YYRxr8uC0NjaCXan1IgYRxr8uC0NjaCXan1If:An1Tn1g
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader

© 2018-2024

Terms | Privacy