gootloader | 6ab8c652eaac3627f0e3420aa3d7a29de229e6f905d7180af589d3f47a3ecaa4 | Triage

Submit
Reports

Overview

overview

Static

static

1

6ab8c652ea...aa4.js

windows7-x64

3

6ab8c652ea...aa4.js

windows10-2004-x64

Sharing

General

Target

6ab8c652eaac3627f0e3420aa3d7a29de229e6f905d7180af589d3f47a3ecaa4
Size

27.4MB
Sample

240811-pqq1asterg
MD5

d0015b3890d82fbb6dffbb1ab58538dd
SHA1

07b60ff9c3c3bd163b6783643eda3abb84393458
SHA256

6ab8c652eaac3627f0e3420aa3d7a29de229e6f905d7180af589d3f47a3ecaa4
SHA512

6a27ae112fef1339b7144c983529ff7188b6701db9d35a37bb3d5918c9db9f11d058fa3bad95e14842e6f6a6acbc1fc89381fd4e23a5d86287396b6cdfa376f4
SSDEEP

49152:YYRxr8uC0NjaCXjzgYRxr8uC0NjaCXjzgYRxr8uC0NjaCXjzgYRxr8uC0NjaCXj7:5lll7

Score

10^/10

gootloader execution loader

Static task

static1

Behavioral task

behavioral1

Sample

6ab8c652eaac3627f0e3420aa3d7a29de229e6f905d7180af589d3f47a3ecaa4.js

Resource

win7-20240708-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

6ab8c652eaac3627f0e3420aa3d7a29de229e6f905d7180af589d3f47a3ecaa4.js

Resource

win10v2004-20240802-en

gootloader execution loader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  6ab8c652eaac3627f0e3420aa3d7a29de229e6f905d7180af589d3f47a3ecaa4
- Size
  
  27.4MB
- MD5
  
  d0015b3890d82fbb6dffbb1ab58538dd
- SHA1
  
  07b60ff9c3c3bd163b6783643eda3abb84393458
- SHA256
  
  6ab8c652eaac3627f0e3420aa3d7a29de229e6f905d7180af589d3f47a3ecaa4
- SHA512
  
  6a27ae112fef1339b7144c983529ff7188b6701db9d35a37bb3d5918c9db9f11d058fa3bad95e14842e6f6a6acbc1fc89381fd4e23a5d86287396b6cdfa376f4
- SSDEEP
  
  49152:YYRxr8uC0NjaCXjzgYRxr8uC0NjaCXjzgYRxr8uC0NjaCXjzgYRxr8uC0NjaCXj7:5lll7
Score

10^/10

execution gootloader loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gootloaderexecutionloader

© 2018-2024

Terms | Privacy