General

  • Target

    union_of_taxation_employees_collective_agreement(48028).js

  • Size

    9.3MB

  • Sample

    240923-nhsy9avgmn

  • MD5

    e1a68c8046e882cc477296e7259ef8cc

  • SHA1

    6cf5b31517648552ff40aea092da0ff2f6665752

  • SHA256

    51e4bae8bbcf446bc1c229612705ee33f261834a02b6cd19e8fe2ff9336c67f1

  • SHA512

    1637476c825479538ded3c28518d325db92ae4a20f6a6dd99e7cdba2c27a093e2d4d21ea3f1f353478470e1e09439d4fb13b9e6cdc2be8f5f54d3d6f67884bc8

  • SSDEEP

    49152:3RdpnpB9GSw/N90KJ/s+LfHQ+RdpnpB9GSw/N90KJ/s+LfHQ+RdpnpB9GSw/N90G:35A5A5A5A5A5A5A

Malware Config

Targets

    • Target

      union_of_taxation_employees_collective_agreement(48028).js

    • GootLoader

      JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike. The target filename, styled as a legal agreement with a numeric suffix, matches the document-lure naming GootLoader uses for its .js droppers.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence so the loader only continues on machines in the locales it targets.
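Two fields in this report are worth turning into a reproducible check. The SSDEEP value under General has a chunk hash that is the same 24-character unit repeated across almost the whole 64-character string, which is what a file made of the same content over and over produces, consistent with a 9.3MB .js that is mostly duplicated junk around a small loader stub; and the hash set should be recomputed by any triage pipeline before the sample is compared against threat intel. The Python below is an added example, not code from the sandbox or from the GootLoader sample: the junk line and stub line it analyses are constructed stand-ins for a padded script, and the size and ratio thresholds in looks_padded are assumptions chosen for the example, not published cut-offs.

```python
"""Triage helpers for a bloated script loader: hash the file, measure how
repetitive it is, and check whether its SSDEEP signature is periodic.
Added example; not part of the sandbox report or of any GootLoader tooling."""
import hashlib
import zlib
from collections import Counter

# SSDEEP value copied from the report (blocksize:chunk_hash:double_hash).
REPORT_SSDEEP = ("49152:3RdpnpB9GSw/N90KJ/s+LfHQ+RdpnpB9GSw/N90KJ/s+LfHQ+"
                 "RdpnpB9GSw/N90G:35A5A5A5A5A5A5A")

# Constructed stand-in for a padded loader: one junk line repeated thousands
# of times with a short stub at the end. Not the real sample's content.
JUNK_LINE = b"function lorem(){return 'lorem ipsum dolor sit amet, consectetur';}\n"
STUB_LINE = b"var sh = new ActiveXObject('WScript.Shell');\n"
SAMPLE = JUNK_LINE * 2000 + STUB_LINE


def file_hashes(data: bytes) -> dict:
    """Hex digests for the same set the report lists (MD5, SHA1, SHA256, SHA512)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def repetition_profile(data: bytes) -> dict:
    """Two cheap redundancy signals: distinct-line ratio and zlib compression ratio."""
    lines = data.splitlines()
    counts = Counter(lines)
    total = len(lines)
    size = len(data)
    compressed = len(zlib.compress(data, 9))
    return {
        "size": size,
        "lines": total,
        "unique_lines": len(counts),
        "unique_ratio": len(counts) / total if total else 1.0,
        "compression_ratio": compressed / size if size else 1.0,
    }


def looks_padded(profile: dict, min_size: int = 100_000,
                 max_unique_ratio: float = 0.05,
                 max_compression_ratio: float = 0.05) -> bool:
    """Flag large scripts that are almost entirely repeated content.
    Thresholds are assumptions chosen for this example, not published cut-offs."""
    return (profile["size"] >= min_size and
            (profile["unique_ratio"] <= max_unique_ratio or
             profile["compression_ratio"] <= max_compression_ratio))


def ssdeep_period(sig: str) -> dict:
    """Find the longest run of a repeated unit inside the chunk-hash part of an
    SSDEEP signature. A short unit repeating across most of the hash means the
    file's content is itself periodic (padding, duplicated junk)."""
    _blocksize, chunk, _double = sig.split(":", 2)
    n = len(chunk)
    best = {"period": 0, "repeats": 0, "covered": 0, "coverage": 0.0}
    for p in range(1, n // 2 + 1):
        for start in range(0, n - 2 * p + 1):
            unit = chunk[start:start + p]
            pos, reps = start + p, 1
            while chunk.startswith(unit, pos):      # count full repeats
                reps += 1
                pos += p
            if reps < 2:
                continue
            tail = chunk[pos:pos + p]               # partial trailing repeat
            partial = 0
            while partial < len(tail) and tail[partial] == unit[partial]:
                partial += 1
            covered = reps * p + partial
            if covered > best["covered"]:
                best = {"period": p, "repeats": reps,
                        "covered": covered, "coverage": covered / n}
    return best


if __name__ == "__main__":
    for name, digest in file_hashes(SAMPLE).items():
        print(f"{name}: {digest}")
    prof = repetition_profile(SAMPLE)
    print(prof, "padded:", looks_padded(prof))
    print("ssdeep period:", ssdeep_period(REPORT_SSDEEP))
```

On the report's own SSDEEP value the period finder returns a 24-character unit repeated twice in full and 14 characters into a third copy, covering 62 of the 64 chunk-hash characters. The constructed sample trips both padding signals (two distinct lines out of 2001, and a zlib ratio well under 5%); the single stub line on its own does not, because it never reaches the size floor.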

MITRE ATT&CK Enterprise v15

Tasks