Extracted

• • Target

    l.js

  • Size

    747KB

  • MD5

    97835729c58cae6501e9b3a3776e9906

  • SHA1

    63012f62e00a491b83adaba8804d890ac809490a

  • SHA256

    a75cab3593ad35620817235a9bd7938c7adaa8b3ce12a2da20e3e145ac304346

  • SHA512

    0ed5d7c90dbb260a732dd990d40a69f0997f8390db0a4cecc18349965e052e13ff8f5ecb709b95b176cc7e3686fbb08775e4b97b2253aa7aef9a1212607e8964

  • SSDEEP

    12288:q/VoiDR8Cx2ouvoqEZTwXasSNKF+uV6VBEx2:q/Vok2tI+w

  Score

  10^/10

  warmcookiebackdoordefense_evasiondiscoveryexecution

  • Warmcookie family

    warmcookie

  • Warmcookie, Badspace

    Warmcookie aka Badspace is a backdoor written in C++.

    backdoorwarmcookie

  • Blocklisted process makes network request

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Deobfuscate/Decode Files or Information

    Payload decoded via CertUtil.

    defense_evasion

  • Drops file in System32 directory

  behavioral1behavioral2