General

  • Target

    union_of_taxation_employees_collective_agreement66444.js

  • Size

    6.4MB

  • Sample

    241012-tv917atfmq

  • MD5

    6a18d361f72b5a9c255452fa8f0f9182

  • SHA1

    0f8299b5d413624e1c240242e8d70d16ec3e5bd8

  • SHA256

    78916a8a20fee326c042ffb7fde4de07ce3e658054a4f3b7f4c486454f79cb2b

  • SHA512

    0c9deb8b068524d932a26bf3d3fe89ee4c35e0d98c1bf08684d58123ac09db82494edced96658bae86cf6e4b2cada590be04b78dd450ac1ce30f1ce952418565

  • SSDEEP

    49152:fUD7dUPV9RUD7dUPV9RUD7dUPV9RUD7dUPV9RUD7dUPV9l:qaPVuaPVuaPVuaPVuaPVD

Malware Config

Targets

    • Target

      union_of_taxation_employees_collective_agreement66444.js

    • Size

      6.4MB

    • MD5

      6a18d361f72b5a9c255452fa8f0f9182

    • SHA1

      0f8299b5d413624e1c240242e8d70d16ec3e5bd8

    • SHA256

      78916a8a20fee326c042ffb7fde4de07ce3e658054a4f3b7f4c486454f79cb2b

    • SHA512

      0c9deb8b068524d932a26bf3d3fe89ee4c35e0d98c1bf08684d58123ac09db82494edced96658bae86cf6e4b2cada590be04b78dd450ac1ce30f1ce952418565

    • SSDEEP

      49152:fUD7dUPV9RUD7dUPV9RUD7dUPV9RUD7dUPV9RUD7dUPV9l:qaPVuaPVuaPVuaPVuaPVD

    • GootLoader

      JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks