General
-
Target
GLEASON_QT2309.exe
-
Size
642KB
-
Sample
210924-nf5j9sggf6
-
MD5
d601604552146dd9a412f1db8ff0cdd4
-
SHA1
8dc649c53d100c5d1f1330dc5ba33c680208d7f8
-
SHA256
3121d773a680fbac7dc37f75c38ae8ef20f1b88915cc0b83ca9bf2bf7c22ee94
-
SHA512
ae739f1a3ec1b0890dfc46a2b5d88e8cf211ecbc462539a1878e25c33c081ada166d1ad09bf859dd8e83f246d73b7bc9cf5c9f75465be7b09b0566aae50ebc34
Static task
static1
Behavioral task
behavioral1
Sample
GLEASON_QT2309.exe
Resource
win7-en-20210920
Malware Config
Extracted
xloader
2.5
g9vg
http://www.supra413.com/g9vg/
selenebrennan.com
htsfrance.com
monsieurtechno.com
argosy.city
lit-clouds.com
emilio-m.com
crashycraft.net
washmebro.com
1houroflife.com
millershaga.com
newtonpod.com
camopants.net
animator-show.com
qqzome.com
assetacre.com
letsmakeyourchoice.com
gileadpreferences.com
ecomarklifestyle.com
mivaautomotive.com
rattle100.com
askfortesting.com
majorelectricalwork.com
blockbotprofit.com
lanceseuexpert.online
zatventure.com
fitnessbykc.com
renatafaceandbodyskincare.com
opusmime.com
biyimeilou.com
soulhospitalitygroup.net
peaktradecapital.com
augmentedfact.com
petmall.website
rfmanutencoes.com
mgav40.xyz
konzertmanagement.com
thisisweenz.com
xn--42cg2czax6ptae6a.com
scienceworldapub.com
perfumeriavictory.com
ankarasinirsizescortlar.xyz
keenflat.com
fodfus.com
bright-tailor.com
spaciolb.com
pinkpolishseattle.com
homewebmailz.com
devple.com
cimehey9.xyz
tracks-clicks.com
xn--vcs93h35hgx1d.com
omightygod.com
francesmaydesign.com
partyitemshire.com
alsatkazan.com
thewhitfieldcondos.info
kevin-kwan.com
amazoncosmo.site
gamasecjapan.com
softwarenews.digital
cakeboxjamaica.com
vitale.global
bonvivanto.com
amazingsiddha.com
Targets
-
-
Target
GLEASON_QT2309.exe
-
Size
642KB
-
MD5
d601604552146dd9a412f1db8ff0cdd4
-
SHA1
8dc649c53d100c5d1f1330dc5ba33c680208d7f8
-
SHA256
3121d773a680fbac7dc37f75c38ae8ef20f1b88915cc0b83ca9bf2bf7c22ee94
-
SHA512
ae739f1a3ec1b0890dfc46a2b5d88e8cf211ecbc462539a1878e25c33c081ada166d1ad09bf859dd8e83f246d73b7bc9cf5c9f75465be7b09b0566aae50ebc34
-
Xloader Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-