Overview

overview

10

Static

static

1

HEALTH~1.js

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    HEALTH~1.JS

  • Size

    40.9MB

  • Sample

    240625-v2wykswbqq

  • MD5

    824d5bcd852dc88ed910aa389d633cf9

  • SHA1

    c625adb17c37b82664a1184f92d7ba1c2af24d5e

  • SHA256

    a34888ebb245884b289342bfbd9bbbba5b4a2b95fb7ad40daf6d1566cde9f712

  • SHA512

    7f1983973a569824b5f3c8ad84048030a5a1ac9228d6852eac6e004ec4cf8e44d1bb71757f9e7e625fa64b54fae9f31cc0dae20903839ffe6d8eef8a0b50f85f

  • SSDEEP

    6144:hbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbV:3

Score
10/10
gootloaderexecutionloader

Malware Config

Targets

    • Target

      HEALTH~1.JS

    • Size

      40.9MB

    • MD5

      824d5bcd852dc88ed910aa389d633cf9

    • SHA1

      c625adb17c37b82664a1184f92d7ba1c2af24d5e

    • SHA256

      a34888ebb245884b289342bfbd9bbbba5b4a2b95fb7ad40daf6d1566cde9f712

    • SHA512

      7f1983973a569824b5f3c8ad84048030a5a1ac9228d6852eac6e004ec4cf8e44d1bb71757f9e7e625fa64b54fae9f31cc0dae20903839ffe6d8eef8a0b50f85f

    • SSDEEP

      6144:hbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbV:3

    Score
    10/10
    gootloaderexecutionloader

    • GootLoader

      JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.

      loadergootloader

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

2
T1059

PowerShell

1
T1059.001

JavaScript

1
T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks