General
-
Target
ORIGINAL - External - STAGE1-cancellation of contract letter format 59607 - ORIGINAL.js
-
Size
844KB
-
Sample
250220-1trlsaxqw2
-
MD5
864fde6b86995179f9c1c3216cac78eb
-
SHA1
8e4adaea7b49cf4dbc8817ed7723c67e4458a56f
-
SHA256
fb8dfbd0bc32eb573ca3d103f6e655e566ac674e446bcd9836037ad32b5eeae1
-
SHA512
69a8daabbf331cb9845ab895f18c45fc47d7dd03e862171321dae15cc0b1a9b5cf2efba8fa343fcef71f89cf60ea687fa1aeafd5523efeb57a63dd4cd247481d
-
SSDEEP
24576:TUCgo+ogQc5WfNnZmD/nQt2qBvieJ9LEfWpyQTaEFNE3NEr:TUCgo+ogQc5WfNnZmD/nw2qBDeWpyQTZ
Static task
static1
Behavioral task
behavioral1
Sample
ORIGINAL - External - STAGE1-cancellation of contract letter format 59607 - ORIGINAL.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ORIGINAL - External - STAGE1-cancellation of contract letter format 59607 - ORIGINAL.js
Resource
win10v2004-20250217-en
Malware Config
Targets
-
-
Target
ORIGINAL - External - STAGE1-cancellation of contract letter format 59607 - ORIGINAL.js
Score 10/10
-
GootLoader
JavaScript loader known for delivering other malware families such as Gootkit and Cobalt Strike.
-
Gootloader family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-