gootloader | 26a68f915f48c1cdacb8896940edd55395d68ae44236b13360304e8975937865 | Triage

Sharing

General

Target

26a68f915f48c1cdacb8896940edd55395d68ae44236b13360304e8975937865.js
Size

844KB
Sample

240913-bhme9awekh
MD5

c4cb6d8700cce08b4002b9a3bedec327
SHA1

4e7b6909037eff3974eaac12f5b2d9baad82b448
SHA256

26a68f915f48c1cdacb8896940edd55395d68ae44236b13360304e8975937865
SHA512

0679eba75c9be3b63f7a3b5fc07b6f0d57194d03eba3fff3bb36a54f309eb5b1862795247d5052f2a54e752ad89d0cf8396823936c766d8d966e3d17a5c8bf1d
SSDEEP

24576:CFCgo+ogQc5WfNnZmD/nFHTuyxUeGZ/YLWpyQTaEFNE3NE2:CFCgo+ogQc5WfNnZmD/nZTuyvlWpyQTo

Score

10^/10

gootloader execution loader

Malware Config

Targets

- Target
  
  26a68f915f48c1cdacb8896940edd55395d68ae44236b13360304e8975937865.js
- Size
  
  844KB
- MD5
  
  c4cb6d8700cce08b4002b9a3bedec327
- SHA1
  
  4e7b6909037eff3974eaac12f5b2d9baad82b448
- SHA256
  
  26a68f915f48c1cdacb8896940edd55395d68ae44236b13360304e8975937865
- SHA512
  
  0679eba75c9be3b63f7a3b5fc07b6f0d57194d03eba3fff3bb36a54f309eb5b1862795247d5052f2a54e752ad89d0cf8396823936c766d8d966e3d17a5c8bf1d
- SSDEEP
  
  24576:CFCgo+ogQc5WfNnZmD/nFHTuyxUeGZ/YLWpyQTaEFNE3NE2:CFCgo+ogQc5WfNnZmD/nZTuyvlWpyQTo
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader