Gootloader walkthrough
May 24, 2024, 8:55 a.m.
Tags
External References
Description
The analysis delves into the intricate workings of the Gootloader malware campaign. Through a meticulously crafted social engineering scheme involving SEO poisoning and fake forums, threat actors lure unsuspecting victims into downloading a malicious JavaScript file disguised as a legitimate resource. This initial payload creates persistence via scheduled tasks, leading to further PowerShell execution and attempts to connect to malicious command and control servers, enabling data exfiltration and other nefarious actions.
Date
Published: May 24, 2024, 8:29 a.m.
Created: May 24, 2024, 8:29 a.m.
Modified: May 24, 2024, 8:55 a.m.
Indicators
f8f3fa45eced0c32fbbf912f3f8ba6100a8b59e14f12a125c88340a47cf7e57b
a92381a403a1463b64ebc547de7ec2a4225a7755d23c4e56503582b9cb33c3c8
2efabb155d9d8fc56b5eb3dfdc83b3f3f9099a7c0bc87ff8f9b7550d587d5b35
http://clintkustoms.com/manual.php
virdo.ir
shoreditchtownhall.com
sachverstaendiger-fenster.net
pureapks.xyz
montebello6.se
clintkustoms.com
budgetvm.com
ashleyhomeonline.com
Attack Patterns
Gootloader
T1053.005
T1059.005
T1059.003
T1059.001
T1059.007
T1059.004
T1547
T1059