General

  • Target

    union_of_taxation_employees_collective_agreement(31442).js

  • Size

    9.0MB

  • Sample

    240930-pa1vkaydpc

  • MD5

    ebc47d7b05d2cb462f3366cd0a62d595

  • SHA1

    41b1b09e348e0cea83c9840cef8565fbc15e40e4

  • SHA256

    aa69518515803dc5f4126950d94443f0bc281a71b08441b704e2459f4f3f8511

  • SHA512

    ccceaa7db00f1ad820b2171cbfefbad0e554a9c211527e934f364bef84241fe1f021cbd5dd2ac9f652dc84419260789d169d291657d09c6a5e2420e075302d22

  • SSDEEP

    49152:BjF0tlPV9PjF0tlPV9PjF0tlPV9PjF0tlPV9PjF0tlPV9PjF0tlPV9PjF0tlPV9l:aPVWPVWPVWPVWPVWPVWPVD

Malware Config

Targets

    • Target

      union_of_taxation_employees_collective_agreement(31442).js

    • GootLoader

      JavaScript loader known for delivering other malware families such as Gootkit and Cobalt Strike.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

MITRE ATT&CK Enterprise v15

Tasks