General

  • Target

    New Order.exe

  • Size

    598KB

  • Sample

    210511-f7hgw9trh6

  • MD5

    141631f69786dc0c8dab76a0d46c08df

  • SHA1

    d7f57c25f8cfcd8668627b6e59c811bd0a55773c

  • SHA256

    811e72ee55befef366b4235c604f107aad70c9eee031c15514a663efabdf2b8a

  • SHA512

    24da8a5f37c77217a5c3ccb221bedc9709e385d2d0c4bdf2ea449c43d7acdbc675ea03dd3539f9878bf64c0870a4057bec7ec8abd29a600d3895cc0f3457ebf1

Score

10/10

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.locply.com/un8c/

Decoy

honestfind.com

leadershipbeast.com

jadidmarrakech.com

aloeverabeautygroup.com

wazbi.info

maxinextgen.com

thirdgenerationfarms.com

yourebakinmecrazy.com

ljzsoft.com

alquarame.com

northernvainteriors.com

bedteacher.com

britainblog.com

mansion-on-main.net

cdroem.com

225sea.com

kokoshaveice.com

outinresearch.com

citestaccnt1597644238.com

myvitaminshe.com

Targets

    • Target

      New Order.exe

    • Size

      598KB

    • MD5

      141631f69786dc0c8dab76a0d46c08df

    • SHA1

      d7f57c25f8cfcd8668627b6e59c811bd0a55773c

    • SHA256

      811e72ee55befef366b4235c604f107aad70c9eee031c15514a663efabdf2b8a

    • SHA512

      24da8a5f37c77217a5c3ccb221bedc9709e385d2d0c4bdf2ea449c43d7acdbc675ea03dd3539f9878bf64c0870a4057bec7ec8abd29a600d3895cc0f3457ebf1

    Score

    10/10

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Deletes itself

    • Suspicious use of SetThreadContext
