gootloader

Sharing

Copy URL

Twitter E-mail

General

Target

a71c301f4f5faf1fb2dd44a7c38dcf7b_JaffaCakes118
Size

2.6MB
Sample

241127-lbr29sxnbw
MD5

a71c301f4f5faf1fb2dd44a7c38dcf7b
SHA1

3fcbee9772ca415dcee61395c92fec7eab962480
SHA256

3850a3586deb09cfba2a7a7837c4d9d1af712cc3bf5fd78dfdc411fb788a86eb
SHA512

d54b1793e8620cae7c75b930848e2dbe441ef8a0410612387beb4f56dcf757900b6a995cf003172ab2e4d43d0003e1920358ab4911b5125b5ac6e530e1927bac
SSDEEP

24576:VVYbWzOnA80yE23Z5EU2elH1QnxBuabsM8KGH7Co0OLeGrIocE5lArjPPz:EWzOkyrZOU2elcu08KGbNLeGMb4unz

Score

10^/10

Malware Config

Targets

- Target
  
  a71c301f4f5faf1fb2dd44a7c38dcf7b_JaffaCakes118
- Size
  
  2.6MB
- MD5
  
  a71c301f4f5faf1fb2dd44a7c38dcf7b
- SHA1
  
  3fcbee9772ca415dcee61395c92fec7eab962480
- SHA256
  
  3850a3586deb09cfba2a7a7837c4d9d1af712cc3bf5fd78dfdc411fb788a86eb
- SHA512
  
  d54b1793e8620cae7c75b930848e2dbe441ef8a0410612387beb4f56dcf757900b6a995cf003172ab2e4d43d0003e1920358ab4911b5125b5ac6e530e1927bac
- SSDEEP
  
  24576:VVYbWzOnA80yE23Z5EU2elH1QnxBuabsM8KGH7Co0OLeGrIocE5lArjPPz:EWzOkyrZOU2elcu08KGbNLeGMb4unz
Score

8^/10

discovery persistence
- Drops file in Drivers directory
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  ADVPACK.DLL
- Size
  
  90KB
- MD5
  
  0ac28de5e930e8a52ad6b163c5473412
- SHA1
  
  25371c9d876959cb58b50c25ad709cf98dde45bb
- SHA256
  
  06eed244d89f6e15205d5beb8085ac33c0de486dfe30eec9fb73b91de07e5f62
- SHA512
  
  c2c82449927cac953668142a3f597c06626b0b3a26e8036de34e4ca1042a572fa3befa799d43fb24a1d23c821b5ed7994e3d211b6aaced15ba31d4639e96d877
- SSDEEP
  
  1536:Yoyomo1DLSaGi2aoIwPlL53Qtc1qpRBvgQbiSrvxekZCg0BUwTS9wpKSnZ0jJScy:z9J0I43QtcSRNgQnLx9ZCjGw8mZ0jJST
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  W95INF16.DLL
- Size
  
  2KB
- MD5
  
  7210d5407a2d2f52e851604666403024
- SHA1
  
  242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
- SHA256
  
  337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
- SHA512
  
  1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68
Score

1^/10
behavioral5 behavioral6
- Target
  
  W95INF32.DLL
- Size
  
  4KB
- MD5
  
  1d432dd6fdcdef26181b74099b364d87
- SHA1
  
  b7ca40fcae22368c54b599351a23a8e26989efdc
- SHA256
  
  f5ce611c27d97b64730c7ff737eb5c669d6896455c5c915215b1d958a9a3260f
- SHA512
  
  c49383388179638f9bc5ffc94918376b2fd3d42e8f226352181544af7c05ef16fd85dbff284aa38d8040f678dc45afd38388b33328330def5b30c35d75a7d43b
- SSDEEP
  
  48:6V3Ms+BNU4M5hyaZbb4an1WbvgFfSBZW3IezfXNFk5WgF:nwyaxMaYv+aPWJXNyWg
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  fngrprnt.dll
- Size
  
  8KB
- MD5
  
  470123d0d53d2a260719025893400928
- SHA1
  
  748b42dff8d8d789ee314758d17abaeace364244
- SHA256
  
  c28feffe76ba4ae036779bf2c04d5e0a8a6a9e5db6cf60d7de861be982f96145
- SHA512
  
  80502190a71566f9093284538a1c4d1a9ac24f4bd09746e9041b1b448c44c97d672705edc188516d21374bbd7bea55ab5a19ac134959aa3a0065e9d58b06676f
- SSDEEP
  
  96:log3VxVW+PXEOwngwGpMcm2GdE9OerQE9iJwIWUlZG0FkWErBWB:lt3V98Owgw9e9vrQE9iJwRFWE1WB
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  msnphoto.scr
- Size
  
  92KB
- MD5
  
  ed04ed8dadb0743d75056e2ea55184ee
- SHA1
  
  9e1ad3c857f22453197fd9daec6c03592cdb9d8e
- SHA256
  
  acf4cfa275cc7edec34ae2e85ee47d6df85ffbdd9f7da1aecc30064235fd6d00
- SHA512
  
  45441346d64630dab07d46cc0b836071647f34462f78cbaa7defe40af631d1f3abf0d9bbb7d6799f27de3beae06b9a2d08464035900a78f2a70c5552023bdee2
- SSDEEP
  
  768:MKlYg78o8f4NCqz/JL9pMBh6vQz29LJOtJNAWO9laBqMPphjlyziBBZU9QZU9F:Jnb8fw1znpMBT29LJOlPflygzi
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  msvcr71.dll
- Size
  
  340KB
- MD5
  
  86f1895ae8c5e8b17d99ece768a70732
- SHA1
  
  d5502a1d00787d68f548ddeebbde1eca5e2b38ca
- SHA256
  
  8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe
- SHA512
  
  3b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da
- SSDEEP
  
  6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  pibase.dll
- Size
  
  44KB
- MD5
  
  98bd7d3d8acc06b4c0c7390889ef0656
- SHA1
  
  d02b2657185307698b67cfb22eb8c1bb28856964
- SHA256
  
  8e8cb8ac1f26a3dd31ef22aeb50f89336944be16be61b0fd01b6b04438dc8ede
- SHA512
  
  d2c618007783b3c4c30b692ae4e17c32c6098f2b83d7912f97e8c92f21be9ffd8802f74b3caf4fdc9aac606f0c42f860ef9c2dee766d8ccbb91a551944c1c2b7
- SSDEEP
  
  768:3bEmmT0ZuoPTKaiiB+cMXm6dGqrIkxzf+ssgKzbWnDHCwzv5MrdRU0:3b9mT0ZuoPOau/Xm6gkx7+sVKzAHCwzG
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  pidav.dll
- Size
  
  80KB
- MD5
  
  96e0dcb4a51891c41cca6219fa5cbe0a
- SHA1
  
  7dad4c1d71ae6435e9a4a4ad574e68fd150b07f0
- SHA256
  
  e218e7b8508a4b2b7e0900afd9e11813863982e235343410aa6d0e8f570acdbc
- SHA512
  
  37185949f2f6ec437fee1ab73ddbb86a5073c753cdfd7b0ddd1b98eab33573f800588cbc18ae9519a1ba8dd479a44694b31010aa47ea91d9277b4023d73ced67
- SSDEEP
  
  1536:evAZHYgUUHc/zzslWyC8rIC1jc3HYNEu/MAjDsE68:eeHYg5c3N8sC5c3HRu/MAr
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  piorg.dll
- Size
  
  422KB
- MD5
  
  d433efe19fd0d9b896945f34ba839698
- SHA1
  
  ade6c8c2732fd18308b512986a485dff40a70774
- SHA256
  
  81b9f877f9198a761f820a0ea2b02eb3db85750011e50997560391dc2f160c64
- SHA512
  
  97d2d2ceba05339a830ee5ad2a1dd9667dbf7dc17b5bf4509eb72c8c6a45214756539bab2a4e7d6a663ba67a9de73878e82e7582240e3a5f76bdb1ab8bc0324f
- SSDEEP
  
  12288:ZcqDvHI2ibCwvkqzcHKd6D/Galxp+814:aqDvHIfbCwZ4HKdQ/Gee81
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  piorgres.dll
- Size
  
  239KB
- MD5
  
  b294757974b9d75185ed39b1b6a2fd89
- SHA1
  
  8abb26a5bfaeb1765aa114d8f2cc3b4b01ed4e57
- SHA256
  
  80b63a6d100879f040ccc4e409bca0698a176cbd2cfa843087b0d3668c18451e
- SHA512
  
  6b2654222bc7b25784b17ef9b3d7667add7525e5d5b0fabfed7eaf2317466db2eaaea11a32580b9aac2d268e3a1c5b2e6b6afc1a8b8a760c44902a94a0b29dec
- SSDEEP
  
  3072:sEaDYiwB1CEaEt9unZA4WNfDjE7AxEhGyT0pzwyWhXWdWzWAWTWsWRW8W4WdZ63L:8b9d1vakwj
Score

1^/10
behavioral21 behavioral22
- Target
  
  pisync.dll
- Size
  
  192KB
- MD5
  
  7a53619ab1d41dba3a1093dce1358428
- SHA1
  
  4ab318c3b9e337ecf065ceda96b10041c0febc1c
- SHA256
  
  b024947095d3af84f47a45a35bf2647bb8a0f871c2742266b369f0ac5f735ec1
- SHA512
  
  d34c632fcf9819fd14dbef16ee70fa2adc6cf99ed540c4e3939107c6db5b94d1cf396f4f50473fb901ee1062ac98b86e82a8e50326ee6ea3c3a8597d0c0001f8
- SSDEEP
  
  3072:YiTikrj+WJkQoUH9Ak6i2E/ekk82pvq21V3MzBXiaUqRAp9ARbGA:YAPaUHIi2p5vqQNMzZ1NNbGA
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  pisynctw.exe
- Size
  
  52KB
- MD5
  
  5c6080d433f02d8f173ec738af8b451f
- SHA1
  
  137bb1172b6faeeaafb7b09026182a4fc0e030ad
- SHA256
  
  bb4a4cd4f0808bfe62b4c3024d099a78dc322ee579756a35fcbe3f8160dbbc0f
- SHA512
  
  8b091d09b19df1f9ebcc97a39b4c9e2dab840ecd7448aea53c33d3809185b07be8b58c7c56e058596d591348529cb8b29508f6769b30568d149a64ec0ec22c0e
- SSDEEP
  
  192:AROGjHNLN8G0KRdZMFu2tx+8dE3UzSYUrGuuvVKRdZMFu2tx+8dE3UzSYUrGuu30:+ty1xq3UZU9a1xq3UZU91WS6eW
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  piview.dll
- Size
  
  304KB
- MD5
  
  4e47d1d28edd06317f7f831e2f8075f2
- SHA1
  
  831ac6c58973e0aa5db943194e89424603be0e78
- SHA256
  
  b1b03e634c085aab68e3f2c78fdcdcc745e8341c0dff6c494e88911b81a61dbc
- SHA512
  
  9baa53338e159ae1ada33b0cf2ad07e039a18604e957d022d66fa4b5bf192eb2b4be9dd0120f4a6edc012f211ff831cc2d59c2fb3a40c8580874ff6ce0c57e6a
- SSDEEP
  
  6144:5VhcVqFFpODc/Mwa1ynTNanTz+STVWmOnPo+eHr5:raVqFeDcEwiiTUHr5
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  slides~1.js
- Size
  
  162KB
- MD5
  
  cf9dda1c54df6502cf15b68220fbaab6
- SHA1
  
  3b49ca279ae8d2b02c0ec898562212001c34d715
- SHA256
  
  5deb9766faf4d8be4d4d9e56360e5bdc985da19ad8e2d94e1a80a59eaecad916
- SHA512
  
  e7a6c45b8a11723b2f03d3ffd8cfc964382039c6d657fa4b7d7fbd05c42255c7aa2b83d4ac2312cbdf0b2457833e4a70864e23c788df501d45e6dccd5b8a65e2
- SSDEEP
  
  3072:8ZPe5rSdqQocrWMM0OmRxNYZBdCfOqWbUVZc66A9BM2sT/vRUMtwvaJOuMhWvsT3:8ZGcd5M0xwZBdCfOqSUVZc66A9BM2sTO
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Gootloader family
  gootloader
behavioral29 behavioral30
- Target
  
  startup.js
- Size
  
  19KB
- MD5
  
  82dac91011c75b5e433e29ab43780c8c
- SHA1
  
  23438c2e48ea5324cf3a9727320474540e5cdd45
- SHA256
  
  1cc5e3ce8704492f87932983847c8c5a2be2aac1a4744b9fc5d0749efcd27321
- SHA512
  
  bb0d1e0d50dc0eaca926ad1246ee0c54e587468ffc65adfcf8e9df2881661394ae8c8eb32d9b60c8e70c45350d111489f6aa1ce61fb420c087545c1dfd4dc85d
- SSDEEP
  
  384:Xinc4ae4ySOL8uDbGWUUbLkXj9vnC5N9PaW1EN6xNX+DjkJq:ync4ae4BOaWsXj5EXD+DjZ
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops file in Drivers directory

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Drops file in System32 directory

Gootloader family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32