General
-
Target
QT24417603.js
-
Size
864KB
-
Sample
220315-rpks1acfd7
-
MD5
fe330e62ee592637466d5def2358afa8
-
SHA1
62bb2ec1f62e38b9c2605ba661b85ac10cddefe0
-
SHA256
f44d75390275e2f15ea0111de765cdaede7436331101363ba1db17b74f8cd88e
-
SHA512
ba59ac6e0070aae34b5cc98b6ba041f21fbbb52cd2e4551bc30a0570aa48175abb2c2aef14886bfc54128d080558e5dfd20f8800f572d7286dfa242c7032a9d2
Malware Config
Extracted
xloader
2.5
qatv
sexycurvycool.com
webundefinedstaging.website
gaspeehaze.com
adomnaturals.com
best10canadianreviews.info
nikekogan.com
5537sbishop.info
khonnaisoi.com
cures8t.com
garthoaks.com
belvederepharmagroup.com
chivo.plus
qishanlin.top
ccjon1.com
biz-financeagency.com
bdqimeng88.top
3-little-pigs.com
ord13route.art
webku-trial.xyz
ncgf28.xyz
Targets
-
-
Target
QT24417603.js
-
Size
864KB
-
MD5
fe330e62ee592637466d5def2358afa8
-
SHA1
62bb2ec1f62e38b9c2605ba661b85ac10cddefe0
-
SHA256
f44d75390275e2f15ea0111de765cdaede7436331101363ba1db17b74f8cd88e
-
SHA512
ba59ac6e0070aae34b5cc98b6ba041f21fbbb52cd2e4551bc30a0570aa48175abb2c2aef14886bfc54128d080558e5dfd20f8800f572d7286dfa242c7032a9d2
Score10/10-
Vjw0rm
Vjw0rm is a remote access trojan written in JavaScript.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-