gootloader | b223f34232b8dba6e44378284e76b88ef2e400feb66dce1e2c559fbe604c7116 | Triage

Submit
Reports

Overview

overview

Static

static

1

b223f34232...116.js

windows7-x64

3

b223f34232...116.js

windows10-2004-x64

Sharing

General

Target

b223f34232b8dba6e44378284e76b88ef2e400feb66dce1e2c559fbe604c7116
Size

6.6MB
Sample

240905-qg6vts1frj
MD5

9d0cecef7376caec025b6de663264179
SHA1

eaef939e94b241f814520bec5d82ec01a5a4e368
SHA256

b223f34232b8dba6e44378284e76b88ef2e400feb66dce1e2c559fbe604c7116
SHA512

53eae1612b93fc10bceaee51192dc1220cde0eafaf1618b7c55177135449da87bc19ee27664bf3c9521ca3574900637a4fb2d6e2ca5b8162ae591bee0c5e0a19
SSDEEP

49152:Hh/PnNuIw+rja6v/s+LfHQGh/PnNuIw+rja6v/s+LfHQGh/PnNuIw+rja6v/s+L/:Hhhhhx

Score

10^/10

gootloader execution loader

Static task

static1

Behavioral task

behavioral1

Sample

b223f34232b8dba6e44378284e76b88ef2e400feb66dce1e2c559fbe604c7116.js

Resource

win7-20240903-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

b223f34232b8dba6e44378284e76b88ef2e400feb66dce1e2c559fbe604c7116.js

Resource

win10v2004-20240802-en

gootloader execution loader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  b223f34232b8dba6e44378284e76b88ef2e400feb66dce1e2c559fbe604c7116
- Size
  
  6.6MB
- MD5
  
  9d0cecef7376caec025b6de663264179
- SHA1
  
  eaef939e94b241f814520bec5d82ec01a5a4e368
- SHA256
  
  b223f34232b8dba6e44378284e76b88ef2e400feb66dce1e2c559fbe604c7116
- SHA512
  
  53eae1612b93fc10bceaee51192dc1220cde0eafaf1618b7c55177135449da87bc19ee27664bf3c9521ca3574900637a4fb2d6e2ca5b8162ae591bee0c5e0a19
- SSDEEP
  
  49152:Hh/PnNuIw+rja6v/s+LfHQGh/PnNuIw+rja6v/s+LfHQGh/PnNuIw+rja6v/s+L/:Hhhhhx
Score

10^/10

execution gootloader loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gootloaderexecutionloader

© 2018-2024

Terms | Privacy