General

  • Target

    advantages_and_disadvantages_of_framework_agreements61632.zip

  • Size

    1.1MB

  • Sample

    241016-xnbftszgjq

  • MD5

    24114b28d2adab57c06b22e0ae59fc05

  • SHA1

    5d77b862448b16156febbf9170b3fb044fdbede7

  • SHA256

    c024fd9d78c0f6e19b716600225d2dd97c9b32e7585c53f854fe214cf1d65c3f

  • SHA512

    1317dccca6a2eac591d40bdba109d154ce561b328254abb8b28a738cabe7f5461913784e1ff9c876126a1af7ad2130a6b31f9cc025eceee9ad137170dc123a80

  • SSDEEP

    24576:mfh3QyLoWecui2XKruwPB9eNBJglbJrg0oRAJuV0npVqF/:Kh3Dfemt5PGHGl7nJnnpVc/

Targets

    • Target

      advantages_and_disadvantages_of_framework_agreements(61632).js

    • Size

      5.1MB

    • MD5

      b1b03f3c9310cff3e830b9d3abebd5c4

    • SHA1

      c9c72acc103a6ee6d51f2d71624fe578cbe84e04

    • SHA256

      91d64d6f9153c8fc00d48a9e2ba0f945920f8e18ef2cd3d46d8ef022ce7d8483

    • SHA512

      c6dcbf8ee8db4256ff7ad16da56e041be75c9ef9ef3b8a7dc7603bfe80917578cdb20c3bf783fc774073d781dd449be88e56359f715ae05b685625275d8687ba

    • SSDEEP

      49152:8MRKvMLPV9yMRKvMLPV9yMRKvMLPV9yMRKvMLPV9l:N9PVB9PVB9PVB9PVD

    • GootLoader

      JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
