Resubmissions

06-11-2024 14:58

241106-scaypssgpq 10

05-11-2024 08:20

241105-j8fdmaxkbv 10

04-11-2024 22:26

241104-2cpxasxrdy 10

General

  • Target

    Dr. Lalusin-form_cheque_request_ff-NRGH-Site Visit.js

  • Size

    281KB

  • Sample

    241104-2cpxasxrdy

  • MD5

    710137b0c23b5aeab171afcde3098416

  • SHA1

    7acab22c5c54d9ed4db06e0baf882b6da3e34f05

  • SHA256

    12151d0287a0c4974d42aef01f5f6f35dd69021ffe4d01adb804962d423534d4

  • SHA512

    55456ecd1e3485c073cae90a7aafe78b9082542efba7ba5dda246a9685c202763c2d5a01f32e9d9b32b13fe90cc9e5e81b21e02be5a064cbfd5d5dc0ba30ea24

  • SSDEEP

    6144:he3Ih6n3cpC1ywXTgjL64OfbsD5QHFmnIIJF28s8OvMIcI1fEZaATRZtr:h+D4OfsqFmu8TMMO1fEZaATtr

Malware Config

Targets

    • Target

      Dr. Lalusin-form_cheque_request_ff-NRGH-Site Visit.js

    • Size

      281KB

    • MD5

      710137b0c23b5aeab171afcde3098416

    • SHA1

      7acab22c5c54d9ed4db06e0baf882b6da3e34f05

    • SHA256

      12151d0287a0c4974d42aef01f5f6f35dd69021ffe4d01adb804962d423534d4

    • SHA512

      55456ecd1e3485c073cae90a7aafe78b9082542efba7ba5dda246a9685c202763c2d5a01f32e9d9b32b13fe90cc9e5e81b21e02be5a064cbfd5d5dc0ba30ea24

    • SSDEEP

      6144:he3Ih6n3cpC1ywXTgjL64OfbsD5QHFmnIIJF28s8OvMIcI1fEZaATRZtr:h+D4OfsqFmu8TMMO1fEZaATtr

    • GootLoader

      JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.

    • Gootloader family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks