General

  • Target

    https://jxyserr.xyz/sl?l=8e7ea5493b35afc96ae4f614040c05d9fcf6be4ead835029c1ef7ac86969401f44c9747f553b6a68

  • Sample

    250104-sqk1tsvlft

Malware Config

Targets

    • Target

      https://jxyserr.xyz/sl?l=8e7ea5493b35afc96ae4f614040c05d9fcf6be4ead835029c1ef7ac86969401f44c9747f553b6a68

    • Downloads MZ/PE file

    • A potential corporate email address has been identified in the URL: [email protected]

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks