gootloader | acbf6dc9f6aad87dd250258eee760a5c58617d6a18df4b5ee48b831a29deea4e | Triage

Resubmissions

12-12-2024 13:36

241212-qwaqyawjax 10

11-12-2024 18:29

241211-w5ap7aykfp 10

Sharing

General

Target

PARTNE_1.JS.zip.zip
Size

39KB
Sample

241211-w5ap7aykfp
MD5

7d886e217347814ab06be04c28bee789
SHA1

b64011b73badcb53dac8b8d6ce4ad7cd5724ad52
SHA256

acbf6dc9f6aad87dd250258eee760a5c58617d6a18df4b5ee48b831a29deea4e
SHA512

86bf4aeaa7d982f465e9cb845d669af0573666f2f478af54a88829fd57f82cd57e0cc16507ba82f58ce354b9f4010c4770cb540d927530b89ba935563cc06f3e
SSDEEP

768:c0LtZ7VsWupkn9ylmKJ7irHJ4SXhZKxQZ/s0d9ChsqBA9aju8o:cyZJAgycBVxhcxmk0d9CSuVuJ

Score

10^/10

gootloader execution loader

Malware Config

Targets

- Target
  
  PARTNE~1.JS
- Size
  
  4.8MB
- MD5
  
  c9d5adc4792cfe69dfca70af9bc052e9
- SHA1
  
  4d32c2ac090e376d9e904742efa92875aa1d7f2d
- SHA256
  
  b5714c08796a133195e3afac3bb78368a5432472b22fce5f5c4ba64a052d820f
- SHA512
  
  055a9312d0ff71335ef7425757595ebfd308114b8018493938aa1cdf061b947fcec6171afe9cd77533768ec46de70f0cea00da3b492ad59585a6d46c9079dbc1
- SSDEEP
  
  3072:uDY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY4DY7:z
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Gootloader family
  gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader