GOOTLOADER Malware and Its Infection Chain
GOOTLOADER is malware that uses business-related lures to trick victims into downloading infected .zip files. Once a victim opens the archive, the threat actor gains a foothold on the host, establishes connections to command-and-control (C2) domains, and launches follow-on attacks, including data exfiltration. The operators also leverage tools such as COBALTSTRIKE and SYSTEMBC to maintain persistent network access and conceal their traffic. Detection opportunities include scheduled tasks being created by script files and unusual outbound connections to external hosts.
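The two detection opportunities named above, as an added example that is not part of the original summary: a small rule that scans Sysmon-style process-creation and network-connection events for a script host creating a scheduled task and for a script host talking to an external address. The field names, the set of script hosts, the internal address ranges and the sample events are all my assumptions, not details from the page.

```python
import ipaddress

# Script interpreters assumed to run the lure's script file (the page only says
# "script files"; this list is an assumption of the example).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe"}
# Ranges treated as internal; any other destination counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def basename(path):
    """Return the lower-cased file name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def is_external(ip_str):
    """True when the address falls outside every INTERNAL_NETS range."""
    ip = ipaddress.ip_address(ip_str)
    return not any(ip in net for net in INTERNAL_NETS)

def detect(events):
    """Return (rule, image, detail) tuples for events matching either signal."""
    alerts = []
    for ev in events:
        if ev["EventID"] == 1:  # process creation
            if (basename(ev["ParentImage"]) in SCRIPT_HOSTS
                    and basename(ev["Image"]) == "schtasks.exe"
                    and "/create" in ev["CommandLine"].lower()):
                alerts.append(("scheduled_task_from_script",
                               ev["ParentImage"], ev["CommandLine"]))
        elif ev["EventID"] == 3:  # network connection
            if basename(ev["Image"]) in SCRIPT_HOSTS and is_external(ev["DestinationIp"]):
                alerts.append(("external_connection_from_script", ev["Image"],
                               f"{ev['DestinationIp']}:{ev['DestinationPort']}"))
    return alerts

# Constructed sample events, not real telemetry; 203.0.113.0/24 is a documentation range.
SAMPLE_EVENTS = [
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\wscript.exe",
     "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks.exe /create /tn Updater /sc onlogon /tr "wscript.exe C:\Users\u\AppData\Roaming\x.js"'},
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\schtasks.exe", "CommandLine": "schtasks.exe /query"},
    {"EventID": 3, "Image": r"C:\Windows\System32\wscript.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 3, "Image": r"C:\Windows\System32\wscript.exe",
     "DestinationIp": "10.0.0.5", "DestinationPort": 445},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Only the first and third sample events fire; the administrator's `schtasks /query` and the script host's connection to an internal address are left alone.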