Today > | 4 High | 23 Medium vulnerabilities   -   You can now download lists of IOCs here!

Dissecting GootLoader With Node.js

July 4, 2024, 10:53 a.m.

Description

This article demonstrates how to circumvent anti-analysis techniques employed by GootLoader malware while utilizing Node.js debugging in Visual Studio Code. GootLoader JavaScript files employ an evasion technique that can pose a formidable challenge for sandboxes attempting to analyze the malware. The malware creators leveraged time-consuming loops with arrays of functions to deliberately delay the execution of malicious code, effectively implementing a sleep period to obfuscate GootLoader's malicious nature. Through continuous collaboration and knowledge sharing, we can enhance our ability to detect, analyze, and develop effective countermeasures against such malicious software.

Date

Published: July 4, 2024, 10:30 a.m.

Created: July 4, 2024, 10:30 a.m.

Modified: July 4, 2024, 10:53 a.m.

Indicators

c853d91501111a873a027bd3b9b4dab9dd940e89fcfec51efbb6f0db0ba6687b

b939ec9447140804710f0ce2a7d33ec89f758ff8e7caab6ee38fe2446e3ac988

Attack Patterns

GootLoader

GootLoader

T1608.004

T1564.003

T1574.002

T1059.005

T1059.007

T1059.004

T1562.001

T1027