gootloader | c83ee5e6d21a8e458941605b71d2ccde82e3258872cec8413b1a10ce6dc42cd8 | Triage

Sharing

General

Target

Advantages_and_disadvantages_of_framework_agreements_in_construction_23739.zip.7z
Size

7.0MB
Sample

241016-sz14eaxbrb
MD5

a8e5d3bb514a28e2503524a5c2896876
SHA1

620801973cf70e9c12a88521fb41754823bbc6df
SHA256

c83ee5e6d21a8e458941605b71d2ccde82e3258872cec8413b1a10ce6dc42cd8
SHA512

bbeb2fb57f62e00cef1deb1dc2807e2d396d4519d3e793bf66daf93beaa1a01106bf788fed43ae3a6e64e944bbf16a28ec3fec640c592770dd710fb91df7eeb1
SSDEEP

196608:jxqBo5ImNmoIoCtoEISOXi+BYxIyZY/YYi:jxcHqIoCy5G+IRY/YYi

Score

10^/10

gootloader execution loader

Malware Config

Targets

- Target
  
  advantages and disadvantages of framework agreements in construction 77709.js
- Size
  
  32.2MB
- MD5
  
  02190316042c1bdf2e3632ca4c826569
- SHA1
  
  e9b9f774da10818b3c61f7ef68dac423354b996c
- SHA256
  
  d496274734b61810c563a54b4fb1d3f2ac3cfd8a880e652c13f48676aedb06ba
- SHA512
  
  d270871c14b3481df15420f7952f11ff64eb3f50c6008660844c002d9da39330b45c213f366de50ba1719b79f64a7f90a8c48fd5dbc6538c1a93edb2d28bc76d
- SSDEEP
  
  49152:o7o+zjCxbOqHlp4wh6N0tAhjlLVzHYzYBmzv+8f8m35X/VqtGJ0j3q8EXXggcEY+:n
Score

10^/10

execution gootloader loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gootloaderexecutionloader