General

  • Target

    government_of_bc_collective_agreement(97385).js

  • Size

    19.8MB

  • Sample

    240822-qbav7sybqb

  • MD5

    5dfa4ad1f910aee0e338936b60e49265

  • SHA1

    89adff951076ff97a926d758d8dd36651e8d41f3

  • SHA256

    d844fb8765ac8322880dcc1bdd9526f5a92c4ad666453c46cfb22a1850db5cae

  • SHA512

    ac33f852455a9c036dd0967e9c1df54d5871c093581226df2658b4290c3a56c07482b0c32678f5d26c4a3fc65c36473302064400f09318cd0393a95e483adc87

  • SSDEEP

    49152:9U9z+k4FbEc6GhQa5CUl+4SSNRLFjzW03NZPn3SbYmGBl+Kn8P4BlwUC3kiQijsB:r3w3w3w3w3w3w3w3K

Malware Config

Targets

    • GootLoader

      JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

MITRE ATT&CK Enterprise v15

Tasks