gootloader | 3542cff26dff552c2c507753a6d951c9640fe1232b3f6b2620134f69e125a67f | Triage

Sharing

General

Target

3542cff26dff552c2c507753a6d951c9640fe1232b3f6b2620134f69e125a67f.js
Size

127KB
Sample

240822-n29q4svhnb
MD5

962962ae15b4228c0276ce03f5faa080
SHA1

797d161b7910cf267a9d351b08a000046b80cebc
SHA256

3542cff26dff552c2c507753a6d951c9640fe1232b3f6b2620134f69e125a67f
SHA512

7cf38f15bd11d04acd96f2b608760aa242bd874b392da758fa109ceb5f3abc221e88b9a508469d48c44f2f2a3b89ebdde8b77e769908d94b446c24ce3432b53a
SSDEEP

1536:abi/0H88HqHOdVu6Kh6PwuQDZ3zWrCEij97Mjs7q3bBptF+i3F0+jDE5PaRT4MwP:abBHPKHMQhgcqbBptF+iwPaRT4vRLJSI

Score

10^/10

gootloader execution loader

Malware Config

Targets

- Target
  
  3542cff26dff552c2c507753a6d951c9640fe1232b3f6b2620134f69e125a67f.js
- Size
  
  127KB
- MD5
  
  962962ae15b4228c0276ce03f5faa080
- SHA1
  
  797d161b7910cf267a9d351b08a000046b80cebc
- SHA256
  
  3542cff26dff552c2c507753a6d951c9640fe1232b3f6b2620134f69e125a67f
- SHA512
  
  7cf38f15bd11d04acd96f2b608760aa242bd874b392da758fa109ceb5f3abc221e88b9a508469d48c44f2f2a3b89ebdde8b77e769908d94b446c24ce3432b53a
- SSDEEP
  
  1536:abi/0H88HqHOdVu6Kh6PwuQDZ3zWrCEij97Mjs7q3bBptF+i3F0+jDE5PaRT4MwP:abBHPKHMQhgcqbBptF+iwPaRT4vRLJSI
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader