Gootloader and Cobalt Strike malware analysis
Common Information
| Type | Value |
|---|---|
| UUID | 613a8138-89c9-4326-9a7d-12cd12eeb0a6 |
| Fingerprint | 49d70f9317554eee3d6064d196d1f84afa395194817aabe2b18fe2c52a007494 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 12, 2022, 9:34 a.m. |
| Added to db | June 2, 2024, 10:48 a.m. |
| Last updated | Aug. 31, 2024, 7:15 a.m. |
| Headline | Gootloader and Cobalt Strike malware analysis |
| Title | Gootloader and Cobalt Strike malware analysis |
| Detected Hints/Tags/Attributes | 54/1/22 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://redcanary.com/wp-content/uploads/2022/05/Gootloader.pdf |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 1 | karbonaudit.cf |
|
| Details | Domain | 5 | kakiosk.adsparkdev.com |
|
| Details | Domain | 4 | junk-bros.com |
|
| Details | File | 376 | wscript.exe |
|
| Details | File | 44 | submit.php |
|
| Details | File | 15 | %windir%\syswow64\rundll32.exe |
|
| Details | File | 13 | %windir%\sysnative\rundll32.exe |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 1 | 85878.js |
|
| Details | Github username | 1 | dretax |
|
| Details | md5 | 4 | defb5d95ce99e1ebbf421a1a38d9cb64 |
|
| Details | md5 | 4 | 3d768691d5cb4ae8943d8e57ea83cac1 |
|
| Details | md5 | 1 | 244f990d544f1791f0bca6eea140e5d6 |
|
| Details | md5 | 1 | 26480fcc9cf3837629111995b4838137 |
|
| Details | md5 | 1 | 261fd5425a60b044c5f9a584473b2a10 |
|
| Details | IPv4 | 5 | 146.70.78.43 |
|
| Details | Url | 1 | https://github.com/dretax/dynamicdllloader. |
|
| Details | Windows Registry Key | 15 | HKEY_CURRENT_USER\SOFTWARE |
|
| Details | Windows Registry Key | 1 | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Phone\bruce.wayne\1-9999 |
|
| Details | Windows Registry Key | 1 | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Phone\bruce.wayne0\1-500 |