gootloader | cefe81ea428bdb45033875b07539d8e77f6c55f3488838cf17033cb4f87f4399 | Triage

Sharing

General

Target

cefe81ea428bdb45033875b07539d8e77f6c55f3488838cf17033cb4f87f4399
Size

9.3MB
Sample

240924-gcagdsxdkb
MD5

903fcfc5a11c336dfc5d9d881c2c8ac3
SHA1

c21eaf136cf4bc6d3a7f17496b8c164920b5a9b5
SHA256

cefe81ea428bdb45033875b07539d8e77f6c55f3488838cf17033cb4f87f4399
SHA512

afa27bacd7335d7389c194c5aa4ea776cb46bb50418eb263095f260431eec2269764b5ad9943423c3c4e132c45605f7ed1a10e4c3360f24d8470e17f1757f48f
SSDEEP

49152:W9canpP9w8LZ4WG/s+LfHQH9canpP9w8LZ4WG/s+LfHQH9canpP9w8LZ4WG/s+Lr:W777777q

Score

10^/10

gootloader execution loader

Malware Config

Targets

- Target
  
  cefe81ea428bdb45033875b07539d8e77f6c55f3488838cf17033cb4f87f4399
- Size
  
  9.3MB
- MD5
  
  903fcfc5a11c336dfc5d9d881c2c8ac3
- SHA1
  
  c21eaf136cf4bc6d3a7f17496b8c164920b5a9b5
- SHA256
  
  cefe81ea428bdb45033875b07539d8e77f6c55f3488838cf17033cb4f87f4399
- SHA512
  
  afa27bacd7335d7389c194c5aa4ea776cb46bb50418eb263095f260431eec2269764b5ad9943423c3c4e132c45605f7ed1a10e4c3360f24d8470e17f1757f48f
- SSDEEP
  
  49152:W9canpP9w8LZ4WG/s+LfHQH9canpP9w8LZ4WG/s+LfHQH9canpP9w8LZ4WG/s+Lr:W777777q
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader