General
- Target: 483dbc6a9fc9f1ea132cbd0b82a87919dac672f7.js
- Size: 917KB
- Sample: 211130-p8r1baabd4
- MD5: 9a5064b66239184e3b5534a14ea32605
- SHA1: 483dbc6a9fc9f1ea132cbd0b82a87919dac672f7
- SHA256: 2ed06b6205da9430586c2b69fb932fc8af44f52e7b0412228dc893b3bce0012c
- SHA512: 88e73f0d9e12a3cbb7c5486d7fa16f3053ca9a9d6d5deda7ecb31caab0b536a2270cf5a7917a017607b3fe9ffcc1ddf6bbd69b90064272824b933041855b4b6f
Static task: static1
Behavioral task: behavioral1
- Sample: 483dbc6a9fc9f1ea132cbd0b82a87919dac672f7.js
- Resource: win7-en-20211104
Malware Config
Extracted
xloader
2.5
pzi0
http://www.buffstaff.com/pzi0/
Targets
- Xloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext