MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1029f0b5f4f6dfbe0fe656f075cbb5ccc2fc308087db21438d73394b75ea020. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GootLoader

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	c1029f0b5f4f6dfbe0fe656f075cbb5ccc2fc308087db21438d73394b75ea020
SHA3-384 hash:	6d8a0bfa0212f84ee7e6c763a27d779ca6e403de0665ceaa50d788715b433dac12857331c4f316b87b7b5501355a503c
SHA1 hash:	2a32c3edb7edf4353f0aa1e8e4908f843b255214
MD5 hash:	4dd369b5e028beebe3aa5c980960c502
humanhash:	speaker-oscar-xray-carolina
File name:	making_a_contract_legally_binding_30040.js
Download:	download sample
Signature	GootLoader Create hunting rule
File size:	293'088 bytes
First seen:	2022-05-27 13:09:17 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	6144:rJshNVlV+TCtlFhTIeKpOcYmD2zK8w6JEDPx+WK+978FyW48L/dCaYNNEIPfbv0N:48OcYmD4/EPx+WK+978FyMheNPfhA+up
TLSH	T18254B4D9F78D112E423231AAAC2E12CDB77CD171560458AEFD4D597C24A083D83BAF7A
Reporter	0x746f6d6669
Tags:	GootLoader js

Intelligence

File Origin

# of uploads :

# of downloads :

357

Origin country :

n/a

Vendor Threat Intelligence

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Tags:

control.exe expand.exe replace.exe update.exe

Link:

https://www.filescan.io/uploads/6290cd87945ebb7eb17deb62/reports/f5ad2308-5637-4285-84b6-674a076f8f4d/overview

Result

Verdict:

UNKNOWN

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1002631

Signature

System process connects to network (likely due to code injection or exploit)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c1029f0b5f4f6dfbe0fe656f075cbb5ccc2fc308087db21438d73394b75ea020/

Threat name:

Script.Trojan.Heuristic

Status:

Malicious

First seen:

2022-05-27 13:10:08 UTC

File Type:

Text (JavaScript)

AV detection:

6 of 26 (23.08%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=yebj6c27j5w7xyh6mvxqoxf3ltgc7qyibb63efby24zzjn26uaqa._file

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/220527-qectzaegfn/

Behaviour

Modifies system certificate store

Script User-Agent

Blocklisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.60

Link:

https://yomi.yoroi.company/submissions/c1029f0b5f4f6dfbe0fe656f075cbb5ccc2fc308087db21438d73394b75ea020

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample