General

  • Target

    are_gun_racks_legal_in_canada(3955).js

  • Size

    10.3MB

  • Sample

    241002-vcm95szhma

  • MD5

    ffbd99b04c4bec6d730b95321027ee56

  • SHA1

    b8e2aa6c7be077a9c5fa642308f8fc77c713845e

  • SHA256

    7f4843033e0eab23d10f46b052a26ef6afbcbbf03b2c7aefc1b8da28f4865476

  • SHA512

    e858081d6423de23fff1e80b19619f3fb26fc5095233fa38de577989169a0a225bb164eb84fc4653807ac0399579109320c88e1fd4a19526699b5248ba451860

  • SSDEEP

    98304:FmPVJmPVJmPVJmPVJmPVJmPVJmPVJmPVD:n

Malware Config

Targets

    • Target

      are_gun_racks_legal_in_canada(3955).js

    • GootLoader

      JavaScript loader known for delivering other malware families, such as Gootkit and Cobalt Strike.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

MITRE ATT&CK Enterprise v15

Tasks