gootloader | 72e7786e7a707c3f5bbe6ab820671c124a3f4c8a6deff847114eab0e6481369e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

f78bcfb800...579.js

windows7-x64

f78bcfb800...579.js

windows10-2004-x64

Sharing

General

Target

f78bcfb8006be9862eab9ea95796547e26310c2535244f840fdade8eee63f579.zip
Size

40KB
Sample

250317-zpk3rs1qz6
MD5

cddca11b9ac429d6dd6808e9e31872b8
SHA1

d29960ce4586737bbbe65adb34945b660ab6a6c0
SHA256

72e7786e7a707c3f5bbe6ab820671c124a3f4c8a6deff847114eab0e6481369e
SHA512

67434b0511b9e711da1fdf7de4c24756880d773bb45716fbd169d448668391aa4229df07eb311b0a9be7fed49ef25510e2dc9d6fab73f44cfa67588c86893836
SSDEEP

768:iLME1aDgrVPabfJEMvCHhS3o88m17+cNmM8upDgbyd27Ar3IZGL0D:iLVIgrwbfuMvCHg3t8m151cAkAbL0D

Score

10^/10

gootloader execution loader

Static task

static1

Behavioral task

behavioral1

Sample

f78bcfb8006be9862eab9ea95796547e26310c2535244f840fdade8eee63f579.js

Resource

win7-20241010-en

gootloader execution loader

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

f78bcfb8006be9862eab9ea95796547e26310c2535244f840fdade8eee63f579.js

Resource

win10v2004-20250314-en

gootloader execution loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  f78bcfb8006be9862eab9ea95796547e26310c2535244f840fdade8eee63f579.js
- Size
  
  140KB
- MD5
  
  d6965f6455717a0b0bddff6d928d63e9
- SHA1
  
  0a6d31d21aa3c6457cd70811b580eba1ebaa8ff2
- SHA256
  
  f78bcfb8006be9862eab9ea95796547e26310c2535244f840fdade8eee63f579
- SHA512
  
  71474421a619f2d2e529a34d1897dcc249aeda373190bec6d0b440a93d865a8d46fc09a8bb26a15ecc350f0ade635f76babb59e7bcb50a30270b031eab5088eb
- SSDEEP
  
  3072:N+VTeMUatEduPTeAbZ0i36Gg0yPE4ABWPDrzvZ:STl0u7eA90iqGg0ylPDnZ
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Gootloader family
  gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader

© 2018-2025

Terms | Privacy