gootloader | d253b9abc09388c08c3aa790170dd331c6f397660dfd9df5e82e0d4e55262797 | Triage

Submit
Reports

Overview

overview

Static

static

1

reflection...17).js

windows10-ltsc 2021-x64

reflection...17).js

windows11-21h2-x64

Sharing

General

Target

reflection_questions_on_the_four_agreements(97717).js
Size

6.6MB
Sample

241111-ycjthavcnm
MD5

dfb3deaf1c98ddd0d67ec2548578b458
SHA1

4759f324b5691a442c7ca14a5c697d2d5ae4cb9a
SHA256

d253b9abc09388c08c3aa790170dd331c6f397660dfd9df5e82e0d4e55262797
SHA512

d82698f5ff17c4aa7dd52423a0dfe5f1b623f2f9827bb852b0a3b6ba37abbea98ff3be150cc682691f63bc1963f06f52fdb6b332c41f5a20ccc774716c7c9c92
SSDEEP

49152:tQwFnjXKwrF9aJt/s+LfHQEQwFnjXKwrF9aJt/s+LfHQEQwFnjXKwrF9aJt/s+LH:tYYYYC

Score

10^/10

gootloader execution loader

Static task

static1

Behavioral task

behavioral1

Sample

reflection_questions_on_the_four_agreements(97717).js

Resource

win10ltsc2021-20241023-en

gootloader execution loader

windows10-ltsc 2021-x64

11 signatures

1200 seconds

Behavioral task

behavioral2

Sample

reflection_questions_on_the_four_agreements(97717).js

Resource

win11-20241007-en

gootloader execution loader

windows11-21h2-x64

8 signatures

1200 seconds

Malware Config

Targets

- Target
  
  reflection_questions_on_the_four_agreements(97717).js
- Size
  
  6.6MB
- MD5
  
  dfb3deaf1c98ddd0d67ec2548578b458
- SHA1
  
  4759f324b5691a442c7ca14a5c697d2d5ae4cb9a
- SHA256
  
  d253b9abc09388c08c3aa790170dd331c6f397660dfd9df5e82e0d4e55262797
- SHA512
  
  d82698f5ff17c4aa7dd52423a0dfe5f1b623f2f9827bb852b0a3b6ba37abbea98ff3be150cc682691f63bc1963f06f52fdb6b332c41f5a20ccc774716c7c9c92
- SSDEEP
  
  49152:tQwFnjXKwrF9aJt/s+LfHQEQwFnjXKwrF9aJt/s+LfHQEQwFnjXKwrF9aJt/s+LH:tYYYYC
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Gootloader family
  gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader

© 2018-2024

Terms | Privacy