General

  • Target

    where are billing agreements in paypal 10964.js

  • Size

    27.4MB

  • Sample

    240811-pka2wsyhjp

  • MD5

    d0015b3890d82fbb6dffbb1ab58538dd

  • SHA1

    07b60ff9c3c3bd163b6783643eda3abb84393458

  • SHA256

    6ab8c652eaac3627f0e3420aa3d7a29de229e6f905d7180af589d3f47a3ecaa4

  • SHA512

    6a27ae112fef1339b7144c983529ff7188b6701db9d35a37bb3d5918c9db9f11d058fa3bad95e14842e6f6a6acbc1fc89381fd4e23a5d86287396b6cdfa376f4

  • SSDEEP

    49152:YYRxr8uC0NjaCXjzgYRxr8uC0NjaCXjzgYRxr8uC0NjaCXjzgYRxr8uC0NjaCXj7:5lll7

Malware Config

Targets

    • GootLoader

      JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

MITRE ATT&CK Enterprise v15

Tasks