Resubmissions

18-09-2024 12:09

240918-pbs64szcqd 10

18-09-2024 11:51

240918-nz82ssygma 10

General

  • Target

    union_of_taxation_employees_collective_agreement(88998).js

  • Size

    5.3MB

  • Sample

    240918-pbs64szcqd

  • MD5

    32e8b0c3d5675dba6a372c2998e9b55e

  • SHA1

    13c19a612f8671a4c6c4e7f37483c0e5e5d4bb43

  • SHA256

    1f3338dbeda08ff5b4176790ad720f160e0435d3283c53b1393dd86c3fb051a0

  • SHA512

    bee58ff3db81361eb203d961c575e56085621a3fe6348094c8b07e35b7066f0b5499ceec31cb9357070bb9b3678e6f549eeb8f3fd3ed5c80bc73492c837c9735

  • SSDEEP

    49152:xkfcnNhkwrcfqcGUs+LfHQekfcnNhkwrcfqcGUs+LfHQekfcnNhkwrcfqcGUs+LI:xuuu+

Malware Config

Targets

    • GootLoader

      JavaScript loader known for delivering other malware families such as Gootkit and Cobalt Strike.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

MITRE ATT&CK Enterprise v15

Tasks