General

  • Target: GQdd.js
  • Size: 59KB
  • Sample: 230316-petxtaag33
  • MD5: f45bc98d3dfeeb8e0d98846219fa99e7
  • SHA1: 2f17e430f50c488d1caad657bafd7e1a833a8101
  • SHA256: c11531a40563f534193a3980a702ef8fd56f0ab08d29b341536c072f1bde2252
  • SHA512: 4712e8d2b3ef12e2a700cdd46a079b4efd7d261342eff755c492d337b43b9e68808237b6cfdd3940f93a1eceebc07a9d852e0ec0c8e18e843dff6132309a3a21
  • SSDEEP: 768:a7oKfyNNHC2Yu1tlu0WLK7poGkMYya+sNxbw3RAkFl9qjnB8qVRw0hm6n9zle+4a:aUwyNNDeK7pjkq8mL4r9D

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Source URLs (all of type exe.dropper):

    https://dimoparkhogar.com/7VQuf/1
    https://accesstelematics.com/Ulo3MpM/1
    https://fondationjoelkrasso.org/rjzgP6/1
    https://lamired.com/8FIz2P/1
    https://cocovedaglobal.com/XBtcjkQ/1
    https://earnforpak.com/CzIUp/1
    https://kotogadang-pusako.com/MweGD/1
    https://laposadadeugartearequipa.com/NARKhE/1

Targets

    • Target: GQdd.js
    • Size: 59KB
    • MD5: f45bc98d3dfeeb8e0d98846219fa99e7
    • SHA1: 2f17e430f50c488d1caad657bafd7e1a833a8101
    • SHA256: c11531a40563f534193a3980a702ef8fd56f0ab08d29b341536c072f1bde2252
    • SHA512: 4712e8d2b3ef12e2a700cdd46a079b4efd7d261342eff755c492d337b43b9e68808237b6cfdd3940f93a1eceebc07a9d852e0ec0c8e18e843dff6132309a3a21
    • SSDEEP: 768:a7oKfyNNHC2Yu1tlu0WLK7poGkMYya+sNxbw3RAkFl9qjnB8qVRw0hm6n9zle+4a:aUwyNNDeK7pjkq8mL4r9D

    Score: 10/10

    Signatures

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

MITRE ATT&CK Enterprise v6
