gootloader | 0a67499a709b1644c4770067be6a7bd932c601d6d09552e4e35e2dacbafa2c77 | Triage

Submit
Reports

Overview

overview

Static

static

1

freeinform...ate.js

windows7-x64

freeinform...ate.js

windows10-2004-x64

Sharing

General

Target

freeinformalloanagreementtemplate.js
Size

841KB
Sample

241003-cmkynashmf
MD5

7ac78182e549eb40175d21cc87b94b62
SHA1

b9d41cfaa5df3d6855403876871b4bdbea3185be
SHA256

0a67499a709b1644c4770067be6a7bd932c601d6d09552e4e35e2dacbafa2c77
SHA512

c31b241714a68b2234aaadccf08fd320df77f7f33dba54d7032167086cb230d632a8b6a34614797be48ef70223158a7d9684a8b18f7fffb6b66dc44e37a06ef7
SSDEEP

24576:ZQCgo+ogQc5WfNnZmD/n95ajjhxeB2rRhWpyQTaEFNE3NEr:ZQCgo+ogQc5WfNnZmD/nDajj+8WpyQTZ

Score

10^/10

gootloader execution loader

Static task

static1

Behavioral task

behavioral1

Sample

freeinformalloanagreementtemplate.js

Resource

win7-20240704-en

gootloader execution loader

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

freeinformalloanagreementtemplate.js

Resource

win10v2004-20240802-en

gootloader execution loader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  freeinformalloanagreementtemplate.js
- Size
  
  841KB
- MD5
  
  7ac78182e549eb40175d21cc87b94b62
- SHA1
  
  b9d41cfaa5df3d6855403876871b4bdbea3185be
- SHA256
  
  0a67499a709b1644c4770067be6a7bd932c601d6d09552e4e35e2dacbafa2c77
- SHA512
  
  c31b241714a68b2234aaadccf08fd320df77f7f33dba54d7032167086cb230d632a8b6a34614797be48ef70223158a7d9684a8b18f7fffb6b66dc44e37a06ef7
- SSDEEP
  
  24576:ZQCgo+ogQc5WfNnZmD/n95ajjhxeB2rRhWpyQTaEFNE3NEr:ZQCgo+ogQc5WfNnZmD/nDajj+8WpyQTZ
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader

© 2018-2024

Terms | Privacy