gootloader | 95e2205bfcc9cd16ce54c703dd3f514e49d6a606f8265fbf77b60388ba0fb00c | Triage

Submit
Reports

Overview

overview

Static

static

1

airline ba...221.js

windows7-x64

airline ba...221.js

windows10-2004-x64

Sharing

General

Target

airline baggage agreement 31221.js
Size

8.8MB
Sample

240614-rvzjcaybqm
MD5

ca93562528adff608bee7c962c65ed02
SHA1

8b2d9cb6f0133522f765c0de5222c24640ac1c4b
SHA256

95e2205bfcc9cd16ce54c703dd3f514e49d6a606f8265fbf77b60388ba0fb00c
SHA512

ed3a37a286297c2036e184e74073a8cbb6158ed2425ee16d1f6ddacc6803561758adee1c6828fce374abfdde492b2d5be8052664836e1db82f709c4a0a839b47
SSDEEP

49152:6ytwpCQK+7cytwpCQK+7cytwpCQK+7cytwpCQK+7cytwpCQK+7cytwpCQK+7cytd:H

Score

10^/10

gootloader execution loader

Static task

static1

Behavioral task

behavioral1

Sample

airline baggage agreement 31221.js

Resource

win7-20240221-en

gootloader execution loader

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

airline baggage agreement 31221.js

Resource

win10v2004-20240611-en

gootloader execution loader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  airline baggage agreement 31221.js
- Size
  
  8.8MB
- MD5
  
  ca93562528adff608bee7c962c65ed02
- SHA1
  
  8b2d9cb6f0133522f765c0de5222c24640ac1c4b
- SHA256
  
  95e2205bfcc9cd16ce54c703dd3f514e49d6a606f8265fbf77b60388ba0fb00c
- SHA512
  
  ed3a37a286297c2036e184e74073a8cbb6158ed2425ee16d1f6ddacc6803561758adee1c6828fce374abfdde492b2d5be8052664836e1db82f709c4a0a839b47
- SSDEEP
  
  49152:6ytwpCQK+7cytwpCQK+7cytwpCQK+7cytwpCQK+7cytwpCQK+7cytwpCQK+7cytd:H
Score

10^/10

gootloader execution loader
- GootLoader
  JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
  loader gootloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gootloaderexecutionloader

behavioral2

gootloaderexecutionloader

© 2018-2024

Terms | Privacy