General
Target: where_are_billing_agreements_in_paypal44719.js
Size: 9.0MB
Sample: 241011-s147fszcpc
MD5: a0d20f1a37a1a6cf597fb88b46d3adb6
SHA1: 32d273e782822067a59da5233f81fea827f7a3d6
SHA256: 634a0445dadb743f7aeba2ae1e21b5fbbdc0f97b8dee7c05956af13b9b71a20f
SHA512: eee428877297df38e8fe3468e7da8640887d291b43ae2cc2beaec239e31dc6aa18d849b7fd50b067a02d79d53041864d57d1e4f11a198e1543c474290886853d
SSDEEP: 49152:cvcjJPV9ivcjJPV9ivcjJPV9ivcjJPV9ivcjJPV9ivcjJPV9ivcjJPV9l:fPVbPVbPVbPVbPVbPVbPVD
Static task: static1

Behavioral task: behavioral1
Sample: where_are_billing_agreements_in_paypal44719.js
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: where_are_billing_agreements_in_paypal44719.js
Resource: win10v2004-20241007-en

Malware Config
Targets
Target: where_are_billing_agreements_in_paypal44719.js
Score: 10/10

GootLoader: JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike.
Blocklisted process makes network request.
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.