gootloader | 90f8dae893a919602a2f61b78028b46bfa41d3dc9e00adfcd02561695e361605 | Triage

Sharing

General

Target

MDE_File_Sample_cafaf17f202479b1ed5af7d3aa76de4b013012fc.zip
Size

1.9MB
Sample

240806-yn1ldssdrd
MD5

7ca82040497ee4c47d719bec6c51b67d
SHA1

d03e588fe406c555ce1aaeeb29ed595739396b6e
SHA256

90f8dae893a919602a2f61b78028b46bfa41d3dc9e00adfcd02561695e361605
SHA512

2cc8539f7fb357a8656b77debe725feabb95389ebc741f03751510ed2ef7bafc8170ad8f8c462cebb9e5cff410855f5781a55a00a26b739ec46e8bacc8a2df99
SSDEEP

49152:9QSqc9I2ONO1c4SJtwiAsXL9E7xJzaM7DRQB318MO4MMfcycp:K2sUnCwFy2nacwqH44

Score

10^/10

gootloader execution loader

Malware Config

Targets

- Target
  
  idaho board of pharmacy rules 42744.js
- Size
  
  20.5MB
- MD5
  
  46303ce55762f6aeb8aa6753fc5dfb6c
- SHA1
  
  0854fb0659f18b4d2d4aa3e8b64ae1bb927ed531
- SHA256
  
  043eb185500bf073b3a14e962cbeabad279f89413b0f775c41b1c7b94c704ec2
- SHA512
  
  2672f5bd828634b6b09ea869e9e65737da5a6b345c1bb9dddd5042a9c614ce19380c4285439fa8d49e34eef9d187c9de289eab9fb9651ac35e4cc9a1f71a76a8
- SSDEEP
  
  49152:YYRxr8uC0NjaCXhqgYRxr8uC0NjaCXhqgYRxr8uC0NjaCXhqf:3mmO
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader

behavioral3

gootloaderexecutionloader