General

  • Target

    government_of_bc_collective_agreement(94504).js

  • Size

    12.4MB

  • Sample

    240818-qpx8nayamk

  • MD5

    3278975b2fba395766068b57f11ffcf1

  • SHA1

    55b9790b61ab22c768ee0dd9c3a66c24c1a161bf

  • SHA256

    8b6f067ca330cbb522a036aa559794e1ff3084d90d01620414b86a84c66905c6

  • SHA512

    8d204c6f2b8d60e407c9db11377151b05f2bb63abca241daf52df392725410503e3e90d68fb4ac8d14fe6714afb70778dc0ab95e20380d970bf0d69466b60dbe

  • SSDEEP

    49152:Dyuc+9vFbEc6GhQC5Ctl+4SSNRLFjzW03NZPn3SbYmGBl+Kn8P4BlwUC3kiQijsU:Q3v3v3v3v3K

Malware Config

Targets

    • GootLoader

      JavaScript loader known for delivering other malware families such as Gootkit and Cobalt Strike.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

MITRE ATT&CK Enterprise v15

Tasks