MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1bc77b013c83b5b075c3d3c403da330178477843fc2d8326d90e495a61fbb01f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GootLoader

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	1bc77b013c83b5b075c3d3c403da330178477843fc2d8326d90e495a61fbb01f
SHA3-384 hash:	b698ef836a8f4020984e275e79fba763db92c35d2d384145888fb52396b7be48f9a00c877cc170781cadbc7b71a42a2c
SHA1 hash:	ba567300a0d29024be5e9915b70e51314a402da1
MD5 hash:	2797db18134b41a0ad99af69caff1869
humanhash:	burger-florida-kentucky-washington
File name:	1bc77b013c83b5b075c3d3c403da330178477843fc2d8326d90e495a61fbb01f
Download:	download sample
Signature	GootLoader Create hunting rule
File size:	293'164 bytes
First seen:	2023-12-26 06:47:34 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	6144:rJshiVlV+TCtlmhToeKpL9YmD2kK8o1JEjPx+WK+978FyWc8L/dCneeNzIPfTv04:7lL9YmDF00Px+WK+978FyQsR+PfwA+up
TLSH	T14854B4D9F78D112E423231AAAC2E12CDB77DD171560458AEFD4D497C24A083D83BAF7A
Reporter	struppigel
Tags:	Downloader GootLoader js jscript

Intelligence

File Origin

# of uploads :

# of downloads :

229

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.JS.Dropper-AAFB.8472.22985.UNOFFICIAL

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

86%

Link:

https://www.filescan.io/uploads/658a7722b855eb3693f81efe/reports/4c086dfb-c4db-4578-9554-c9f513add7ab/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/1bc77b013c83b5b075c3d3c403da330178477843fc2d8326d90e495a61fbb01f

Result

Verdict:

MALICIOUS

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1367328

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

JScript performs obfuscated calls to suspicious functions

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Potential evasive JS / VBS script found (domain check)

System process connects to network (likely due to code injection or exploit)

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Behaviour

Behavior Graph:

Download SVG

Score:

Verdict:

Benign

File Type:

ASCII

Link:

https://malprob.io/report/1bc77b013c83b5b075c3d3c403da330178477843fc2d8326d90e495a61fbb01f

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1bc77b013c83b5b075c3d3c403da330178477843fc2d8326d90e495a61fbb01f/

Threat name:

Script-JS.Trojan.Gootloader

Status:

Malicious

First seen:

2022-05-12 01:48:05 UTC

File Type:

Text (JavaScript)

AV detection:

16 of 37 (43.24%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=dpdxwaj4qo23a5od2pcahwrtaf4eo6cd7qwygjwzbzevuyp3wapq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.60

Link:

https://yomi.yoroi.company/submissions/1bc77b013c83b5b075c3d3c403da330178477843fc2d8326d90e495a61fbb01f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample