gootloader | 79caf357853137fc47f9467ddac92602207dcf9775fd07db5cafaf2874f6d20f | Triage

Resubmissions

20-09-2024 13:16

240920-qh5n6ayakf 10

20-09-2024 12:26

240920-pmlw6swgmr 10

Sharing

General

Target

GREENH~1.JS
Size

45.6MB
Sample

240920-qh5n6ayakf
MD5

242b497332d9530865c2f289142ee316
SHA1

929d35e1b006a260bc5db0d29460bcfcf6b3c7e6
SHA256

79caf357853137fc47f9467ddac92602207dcf9775fd07db5cafaf2874f6d20f
SHA512

c04f71d9249d3302b91b41138297a4bee889d79d241f1ebde08ca31cc909daba2ef39c6b9d2c8e9f5ef591e5b0f93c6083db6b1d0a3da80453a91e18b60b2f88
SSDEEP

3072:eW9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9f:b

Score

10^/10

gootloader execution loader

Malware Config

Targets

- Target
  
  GREENH~1.JS
- Size
  
  45.6MB
- MD5
  
  242b497332d9530865c2f289142ee316
- SHA1
  
  929d35e1b006a260bc5db0d29460bcfcf6b3c7e6
- SHA256
  
  79caf357853137fc47f9467ddac92602207dcf9775fd07db5cafaf2874f6d20f
- SHA512
  
  c04f71d9249d3302b91b41138297a4bee889d79d241f1ebde08ca31cc909daba2ef39c6b9d2c8e9f5ef591e5b0f93c6083db6b1d0a3da80453a91e18b60b2f88
- SSDEEP
  
  3072:eW9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9W9f:b
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader