gootloader | 3876d44d7aa8e213ee680f2390850ad2464c98e96f5bddc2fd2a3c2fadfc5686 | Triage

Sharing

General

Target

union_of_taxation_employees_collective_agreement5199.js
Size

9.0MB
Sample

241003-paebka1dla
MD5

9f3c383042e789c18b0d5f9711617eae
SHA1

ebd6a4b4cc29531e0d0934e3b39d028dcb27de71
SHA256

3876d44d7aa8e213ee680f2390850ad2464c98e96f5bddc2fd2a3c2fadfc5686
SHA512

2e3519cca51f2477bcaaaee5953f817caecf846d3f44e01ec3670a3698ece5a6cd416dfa0857648eebc19c2e3dcc08072e1e3dba5bb025594d2f55e9ce111237
SSDEEP

49152:GQEXJrPV9EQEXJrPV9EQEXJrPV9EQEXJrPV9EQEXJrPV9EQEXJrPV9EQEXJrPV9l:YxPVUxPVUxPVUxPVUxPVUxPVUxPVD

Score

10^/10

gootloader execution loader

Malware Config

Targets

- Target
  
  union_of_taxation_employees_collective_agreement5199.js
- Size
  
  9.0MB
- MD5
  
  9f3c383042e789c18b0d5f9711617eae
- SHA1
  
  ebd6a4b4cc29531e0d0934e3b39d028dcb27de71
- SHA256
  
  3876d44d7aa8e213ee680f2390850ad2464c98e96f5bddc2fd2a3c2fadfc5686
- SHA512
  
  2e3519cca51f2477bcaaaee5953f817caecf846d3f44e01ec3670a3698ece5a6cd416dfa0857648eebc19c2e3dcc08072e1e3dba5bb025594d2f55e9ce111237
- SSDEEP
  
  49152:GQEXJrPV9EQEXJrPV9EQEXJrPV9EQEXJrPV9EQEXJrPV9EQEXJrPV9EQEXJrPV9l:YxPVUxPVUxPVUxPVUxPVUxPVUxPVD
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader