gootloader | d844fb8765ac8322880dcc1bdd9526f5a92c4ad666453c46cfb22a1850db5cae | Triage

Submit
Reports

Overview

overview

Static

static

1

d844fb8765...cae.js

windows7-x64

d844fb8765...cae.js

windows10-2004-x64

Sharing

General

Target

d844fb8765ac8322880dcc1bdd9526f5a92c4ad666453c46cfb22a1850db5cae
Size

19.8MB
Sample

240822-qekjtaydnc
MD5

5dfa4ad1f910aee0e338936b60e49265
SHA1

89adff951076ff97a926d758d8dd36651e8d41f3
SHA256

d844fb8765ac8322880dcc1bdd9526f5a92c4ad666453c46cfb22a1850db5cae
SHA512

ac33f852455a9c036dd0967e9c1df54d5871c093581226df2658b4290c3a56c07482b0c32678f5d26c4a3fc65c36473302064400f09318cd0393a95e483adc87
SSDEEP

49152:9U9z+k4FbEc6GhQa5CUl+4SSNRLFjzW03NZPn3SbYmGBl+Kn8P4BlwUC3kiQijsB:r3w3w3w3w3w3w3w3K

Score

10^/10

gootloader execution loader

Static task

static1

Behavioral task

behavioral1

Sample

d844fb8765ac8322880dcc1bdd9526f5a92c4ad666453c46cfb22a1850db5cae.js

Resource

win7-20240704-en

gootloader execution loader

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

d844fb8765ac8322880dcc1bdd9526f5a92c4ad666453c46cfb22a1850db5cae.js

Resource

win10v2004-20240802-en

gootloader execution loader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  d844fb8765ac8322880dcc1bdd9526f5a92c4ad666453c46cfb22a1850db5cae
- Size
  
  19.8MB
- MD5
  
  5dfa4ad1f910aee0e338936b60e49265
- SHA1
  
  89adff951076ff97a926d758d8dd36651e8d41f3
- SHA256
  
  d844fb8765ac8322880dcc1bdd9526f5a92c4ad666453c46cfb22a1850db5cae
- SHA512
  
  ac33f852455a9c036dd0967e9c1df54d5871c093581226df2658b4290c3a56c07482b0c32678f5d26c4a3fc65c36473302064400f09318cd0393a95e483adc87
- SSDEEP
  
  49152:9U9z+k4FbEc6GhQa5CUl+4SSNRLFjzW03NZPn3SbYmGBl+Kn8P4BlwUC3kiQijsB:r3w3w3w3w3w3w3w3K
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader

© 2018-2024

Terms | Privacy