General

  • Target

    government_of_bc_collective_agreement(8153).js

  • Size

    19.8MB

  • Sample

    240824-n2qcgaydpc

  • MD5

    d4483752e09a49e92a4c7531dad0b274

  • SHA1

    0727a03eaf46b0b6dc7c35364b9b032356adba74

  • SHA256

    e63147aa4be38c11449b5cc503f2b2df8f8849aa6f8d999980387c4576c78eab

  • SHA512

    3e5a37ebc18fa48a2667dd04f1e9079910e7cc0e50ffe809a5a15167daa5b01d0c147c8afd65af071a6911527cb958b249974e184a12352bf2e3aab1c66c9175

  • SSDEEP

    49152:qf+e+K4FbEc6GhQf5Ctl+4SSNRLFjzW03NZPn3SbYmGBl+Kn8P4BlwUC3kiQijsh:j3q3q3q3q3q3q3q3K

Malware Config

Targets

    • GootLoader

      JavaScript loader known for delivering other malware families such as Gootkit and Cobalt Strike.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

MITRE ATT&CK Enterprise v15

Tasks