Overview

overview

10

Static

static

1

idaho boar...744.js

windows7-x64

3

idaho boar...744.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    90f8dae893a919602a2f61b78028b46bfa41d3dc9e00adfcd02561695e361605

  • Size

    1.9MB

  • Sample

    240806-y1xp9sshkh

  • MD5

    7ca82040497ee4c47d719bec6c51b67d

  • SHA1

    d03e588fe406c555ce1aaeeb29ed595739396b6e

  • SHA256

    90f8dae893a919602a2f61b78028b46bfa41d3dc9e00adfcd02561695e361605

  • SHA512

    2cc8539f7fb357a8656b77debe725feabb95389ebc741f03751510ed2ef7bafc8170ad8f8c462cebb9e5cff410855f5781a55a00a26b739ec46e8bacc8a2df99

  • SSDEEP

    49152:9QSqc9I2ONO1c4SJtwiAsXL9E7xJzaM7DRQB318MO4MMfcycp:K2sUnCwFy2nacwqH44

Score
10/10
gootloaderexecutionloader

Malware Config

Targets

    • Target

      idaho board of pharmacy rules 42744.js

    • Size

      20.5MB

    • MD5

      46303ce55762f6aeb8aa6753fc5dfb6c

    • SHA1

      0854fb0659f18b4d2d4aa3e8b64ae1bb927ed531

    • SHA256

      043eb185500bf073b3a14e962cbeabad279f89413b0f775c41b1c7b94c704ec2

    • SHA512

      2672f5bd828634b6b09ea869e9e65737da5a6b345c1bb9dddd5042a9c614ce19380c4285439fa8d49e34eef9d187c9de289eab9fb9651ac35e4cc9a1f71a76a8

    • SSDEEP

      49152:YYRxr8uC0NjaCXhqgYRxr8uC0NjaCXhqgYRxr8uC0NjaCXhqf:3mmO

    Score
    10/10
    executiongootloaderloader

    • GootLoader

      JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.

      loadergootloader

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks