General
-
Target
QT24417603.js
-
Size
864KB
-
Sample
220315-rpks1acfd7
-
MD5
fe330e62ee592637466d5def2358afa8
-
SHA1
62bb2ec1f62e38b9c2605ba661b85ac10cddefe0
-
SHA256
f44d75390275e2f15ea0111de765cdaede7436331101363ba1db17b74f8cd88e
-
SHA512
ba59ac6e0070aae34b5cc98b6ba041f21fbbb52cd2e4551bc30a0570aa48175abb2c2aef14886bfc54128d080558e5dfd20f8800f572d7286dfa242c7032a9d2
Static task
static1
Behavioral task
behavioral1
Sample
QT24417603.js
Resource
win7-20220311-en
Malware Config
Extracted
xloader
2.5
qatv
sexycurvycool.com
webundefinedstaging.website
gaspeehaze.com
adomnaturals.com
best10canadianreviews.info
nikekogan.com
5537sbishop.info
khonnaisoi.com
cures8t.com
garthoaks.com
belvederepharmagroup.com
chivo.plus
qishanlin.top
ccjon1.com
biz-financeagency.com
bdqimeng88.top
3-little-pigs.com
ord13route.art
webku-trial.xyz
ncgf28.xyz
nickatwoodrealestate.com
123piezas.com
woodju.com
afmview.com
travessiacursos.com
shreerragroindustries.com
lilacw.com
travelingbrunchbesties.com
cityloot.net
healthspecialist.info
kaliseastrand.com
jecoman.com
ystmo.com
lifecoach.directory
callahaninsurancegroup.com
commercialglassreplacement.com
webesluts.com
h5aolyhh6.com
drgcatherine.com
ronas.top
thevoilagroup.com
diemcrypto.tools
invest68.com
eleinmsa.xyz
sddn3.xyz
7dakka.online
endesasoluciounica.com
authenticinvesments.com
texasjusticelawyers.com
canada-settlement.com
outlook-admins.com
primarywatch.com
kaboomslots.email
innoattic.com
upstreetbarbershop.com
trulyproofreading.com
calciumsignaling.com
13977999.com
sheriffindiana.biz
uncorrectly.com
jjyymh.com
worldpasspassport.com
yjwnktaz.com
royalknightent.store
swachharepolymix.com
Targets
-
-
Target
QT24417603.js
-
Size
864KB
-
MD5
fe330e62ee592637466d5def2358afa8
-
SHA1
62bb2ec1f62e38b9c2605ba661b85ac10cddefe0
-
SHA256
f44d75390275e2f15ea0111de765cdaede7436331101363ba1db17b74f8cd88e
-
SHA512
ba59ac6e0070aae34b5cc98b6ba041f21fbbb52cd2e4551bc30a0570aa48175abb2c2aef14886bfc54128d080558e5dfd20f8800f572d7286dfa242c7032a9d2
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-