gootloader | d14c42b8258c8a642a6d4b19791b5f0d046fa2811ca06beb34c088812bbeb454 | Triage

Submit
Reports

Overview

overview

Static

static

1

d14c42b825...454.js

windows7-x64

3

d14c42b825...454.js

windows10-2004-x64

Sharing

General

Target

d14c42b8258c8a642a6d4b19791b5f0d046fa2811ca06beb34c088812bbeb454.js
Size

844KB
Sample

250221-etdt2asrcr
MD5

90e6da66dd2f4a6e5758a96d238db42a
SHA1

febc0ca2102b8d97dc6ba7d4399dde1e7a9c18b1
SHA256

d14c42b8258c8a642a6d4b19791b5f0d046fa2811ca06beb34c088812bbeb454
SHA512

c22e9920752f017334ce17bae3ddbd48eb47901add7416a1671160646908fa47830de204baca95d3279da5c73c052bb0ed7bc6fb1a3a63cf2e67ae5bf54e971b
SSDEEP

24576:7WCgo+ogQc5WfNnZmD/nFKJqfJMeHD1jEOWpyQTJEFNE3NEr:7WCgo+ogQc5WfNnZmD/nAJqfnbWpyQTK

Score

10^/10

gootloader execution loader

Static task

static1

Behavioral task

behavioral1

Sample

d14c42b8258c8a642a6d4b19791b5f0d046fa2811ca06beb34c088812bbeb454.js

Resource

win7-20241023-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

d14c42b8258c8a642a6d4b19791b5f0d046fa2811ca06beb34c088812bbeb454.js

Resource

win10v2004-20250217-en

gootloader execution loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  d14c42b8258c8a642a6d4b19791b5f0d046fa2811ca06beb34c088812bbeb454.js
- Size
  
  844KB
- MD5
  
  90e6da66dd2f4a6e5758a96d238db42a
- SHA1
  
  febc0ca2102b8d97dc6ba7d4399dde1e7a9c18b1
- SHA256
  
  d14c42b8258c8a642a6d4b19791b5f0d046fa2811ca06beb34c088812bbeb454
- SHA512
  
  c22e9920752f017334ce17bae3ddbd48eb47901add7416a1671160646908fa47830de204baca95d3279da5c73c052bb0ed7bc6fb1a3a63cf2e67ae5bf54e971b
- SSDEEP
  
  24576:7WCgo+ogQc5WfNnZmD/nFKJqfJMeHD1jEOWpyQTJEFNE3NEr:7WCgo+ogQc5WfNnZmD/nAJqfnbWpyQTK
Score

10^/10

execution gootloader loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Gootloader family
  gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gootloaderexecutionloader

© 2018-2025

Terms | Privacy