gootloader | d69806d3e2d3a414278334188894d3c3f1704f047aa9cb72d6b85f48f7de45b0 | Triage

Submit
Reports

Overview

overview

Static

static

1

union_of_t...85).js

windows10-2004-x64

Resubmissions

21-09-2024 11:51

240921-n1bgxs1djm 10

20-09-2024 11:26

240920-nj4r5stgpk 10

Sharing

General

Target

union_of_taxation_employees_collective_agreement(35285).js
Size

10.6MB
Sample

240920-nj4r5stgpk
MD5

a4941b073a1cf1183a4f3be6ac321ce4
SHA1

41383a555a57144cdce8d3bea8d61123c15c6148
SHA256

d69806d3e2d3a414278334188894d3c3f1704f047aa9cb72d6b85f48f7de45b0
SHA512

4d42854364311f17db09edc2cd8bc535a03dbdd8972bd608963adb63dcb3a8ec258479d00fa2cfd84ef11c7b5779f94e955b403ed3317309463a394a282fa82a
SSDEEP

49152:H3ncwnVlbwzu6Uvq/s+LfHQe3ncwnVlbwzu6Uvq/s+LfHQe3ncwnVlbwzu6Uvq/Q:H4444444s

Score

10^/10

gootloader execution loader

Static task

static1

Behavioral task

behavioral1

Sample

union_of_taxation_employees_collective_agreement(35285).js

Resource

win10v2004-20240802-en

gootloader execution loader

windows10-2004-x64

10 signatures

300 seconds

Malware Config

Targets

- Target
  
  union_of_taxation_employees_collective_agreement(35285).js
- Size
  
  10.6MB
- MD5
  
  a4941b073a1cf1183a4f3be6ac321ce4
- SHA1
  
  41383a555a57144cdce8d3bea8d61123c15c6148
- SHA256
  
  d69806d3e2d3a414278334188894d3c3f1704f047aa9cb72d6b85f48f7de45b0
- SHA512
  
  4d42854364311f17db09edc2cd8bc535a03dbdd8972bd608963adb63dcb3a8ec258479d00fa2cfd84ef11c7b5779f94e955b403ed3317309463a394a282fa82a
- SSDEEP
  
  49152:H3ncwnVlbwzu6Uvq/s+LfHQe3ncwnVlbwzu6Uvq/s+LfHQe3ncwnVlbwzu6Uvq/Q:H4444444s
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader

© 2018-2024

Terms | Privacy