{
  "name": "Dissecting GootLoader With Node.js",
  "slug": "dissecting-gootloader-with-nodejs",
  "description": "This article demonstrates how to circumvent the anti-analysis techniques employed by GootLoader malware by using Node.js debugging in Visual Studio Code. GootLoader JavaScript files employ an evasion technique that can pose a formidable challenge for sandboxes attempting to analyze the malware. The malware creators leveraged time-consuming loops with arrays of functions to deliberately delay the execution of malicious code, effectively implementing a sleep period to conceal GootLoader's malicious nature. Through continuous collaboration and knowledge sharing, we can enhance our ability to detect, analyze, and develop effective countermeasures against such malicious software.",
  "published": "2024-07-04T08:30:28+00:00",
  "created_at": "2024-07-04T08:30:28+00:00",
  "modified_at": "2024-07-04T08:53:41+00:00",
  "created_at_opencti": "2024-07-04T08:30:28+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-07-04",
    "anti-analysis",
    "deobfuscation",
    "evasion",
    "gootloader",
    "javascript"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "c853d91501111a873a027bd3b9b4dab9dd940e89fcfec51efbb6f0db0ba6687b"
      },
      {
        "id": "",
        "name": "b939ec9447140804710f0ce2a7d33ec89f758ff8e7caab6ee38fe2446e3ac988"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:d1cb5e66445170f0",
        "name": "GootLoader",
        "slug": "gootloader"
      }
    ],
    "intrusion_sets": [
      {
        "id": "ee2ce965-cc8d-4826-bb9a-fc4daeeb83c9",
        "name": "GootLoader",
        "slug": "gootloader"
      }
    ],
    "attack_patterns": [
      {
        "id": "30f6a233-a437-4146-987a-3e42ae12889a",
        "name": "T1608.004"
      },
      {
        "id": "dea4e00b-6e38-4223-a0f2-8a44e403019b",
        "name": "T1564.003"
      },
      {
        "id": "e8422fc8-8365-4a6a-a556-d6ec16cb4e5d",
        "name": "T1574.002"
      },
      {
        "id": "9e784d22-5a6c-4da6-968a-5fab2f019efd",
        "name": "T1059.005"
      },
      {
        "id": "9322d33b-00c1-4f99-9f1a-a33d93c0dac2",
        "name": "T1059.007"
      },
      {
        "id": "2e0c6db7-16a7-4bf6-992e-263474014fce",
        "name": "T1059.004"
      },
      {
        "id": "7364ca96-72bf-4b7f-afef-ce2583b1ed58",
        "name": "T1562.001"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      }
    ]
  },
  "external_refs": [
    "https://unit42.paloaltonetworks.com/javascript-malware-gootloader/",
    "https://otx.alienvault.com/pulse/668679c485ce0c1013c38e18"
  ]
}