General

  • Target

    NEW ORDER DWG.exe

  • Size

    64KB

  • Sample

    210721-b83a71nlea

  • MD5

    29aa61fab0d0a3868c1bfc5af0573740

  • SHA1

    6d0d3f16b8210385416f80d5dd52f88bc22d78b2

  • SHA256

    13bce5abe3e50d2d91387b5de52da3b3339e0139d01072cca59114de61c58c44

  • SHA512

    4c05803880d69203b9baee670638841c01e1065c3da0c93af38ab7c8e4cdf53e263c92e41105a2ec28af9247c6371636e915fdb15572f3495e0d381174625516

Score
10/10
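Before spending analysis time on a file, confirm it is the same sample this report describes. The following added example (written for this page, not part of the report or of the sandbox's tooling) recomputes the four listed digests and compares them; the file path is something you supply, and the byte strings used in its checks are constructed placeholders, not sample data.

```python
import hashlib
from typing import Dict

# Digests listed in the report above for NEW ORDER DWG.exe.
REPORTED_HASHES: Dict[str, str] = {
    "md5": "29aa61fab0d0a3868c1bfc5af0573740",
    "sha1": "6d0d3f16b8210385416f80d5dd52f88bc22d78b2",
    "sha256": "13bce5abe3e50d2d91387b5de52da3b3339e0139d01072cca59114de61c58c44",
    "sha512": "4c05803880d69203b9baee670638841c01e1065c3da0c93af38ab7c8e4cdf53e"
              "263c92e41105a2ec28af9247c6371636e915fdb15572f3495e0d381174625516",
}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute all four digests of an in-memory buffer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORTED_HASHES}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute all four digests of a file in one streamed pass, so a large
    sample never has to be read into memory whole."""
    hashers = {algo: hashlib.new(algo) for algo in REPORTED_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def compare_digests(actual: Dict[str, str],
                    expected: Dict[str, str] = REPORTED_HASHES) -> Dict[str, bool]:
    """Per-algorithm match map. Hex case is normalised because reports and
    tools disagree on it; a missing algorithm counts as a mismatch."""
    return {algo: actual.get(algo, "").lower() == value.lower()
            for algo, value in expected.items()}


def is_reported_sample(actual: Dict[str, str],
                       expected: Dict[str, str] = REPORTED_HASHES) -> bool:
    """True only when every listed digest matches. A partial match (say MD5
    only) is a different file, not a near miss, and should be treated as
    a new sample."""
    return all(compare_digests(actual, expected).values())


if __name__ == "__main__":
    import sys
    digests = digest_file(sys.argv[1])
    for algo, ok in compare_digests(digests).items():
        print(f"{algo:6} {digests[algo]}  {'match' if ok else 'MISMATCH'}")
    print("sample matches report" if is_reported_sample(digests)
          else "NOT the reported sample")
```

Run it as `python verify_sample.py "NEW ORDER DWG.exe"` (the script name is arbitrary). The size given above is rounded to 64KB, so it is not used as a check; the digests are.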

Malware Config

Extracted

Family

xloader

Version

2.3

C2

http://www.sayhellosarah.com/0tog/

Decoy (domains the bot also contacts to mask the real C2; these are typically legitimate, unrelated sites and should not be treated as attacker infrastructure on their own)

corona-info.space

laleach.com

dofreemovies.com

buntunm3.com

oxfordplainsdragway.info

hillsoverlandgear.com

unserenervos.xyz

mateacs.com

galepresbyterian.net

onlineorderingmadeeazy.com

simplyrhodeisland.com

vacandsew360.com

aspokanehome.com

shirleyswigshopinc.com

ymtfb16.com

yourpublishinganddesign.com

cbdafy.com

txtravelnurse.com

atonalai.net

ndiatv.com
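The C2 and decoy list above is what you would sweep proxy or DNS logs for, and the distinction between the two matters: Formbook/Xloader sends the same request path to every domain in its list, so a decoy hit from an infected host looks like a C2 hit, while a user simply browsing one of these real sites produces a decoy hit with no such path. The following added example (written for this page, not part of the report or of the sandbox) turns the extracted config into a classifier for proxy log lines and triages hosts accordingly. The log format (timestamp, client, method, URL, status) and the log lines are constructed; the domain reduction helper assumes two-label registrable domains, which holds for every domain in this config.

```python
from typing import Dict, List, Set
from urllib.parse import urlsplit

# Indicators from the extracted config above.
C2_URL = "http://www.sayhellosarah.com/0tog/"
DECOY_DOMAINS: Set[str] = {
    "corona-info.space", "laleach.com", "dofreemovies.com", "buntunm3.com",
    "oxfordplainsdragway.info", "hillsoverlandgear.com", "unserenervos.xyz",
    "mateacs.com", "galepresbyterian.net", "onlineorderingmadeeazy.com",
    "simplyrhodeisland.com", "vacandsew360.com", "aspokanehome.com",
    "shirleyswigshopinc.com", "ymtfb16.com", "yourpublishinganddesign.com",
    "cbdafy.com", "txtravelnurse.com", "atonalai.net", "ndiatv.com",
}
C2_HOST = urlsplit(C2_URL).hostname      # www.sayhellosarah.com
C2_PATH = urlsplit(C2_URL).path          # /0tog/


def registered_domain(host: str) -> str:
    """Reduce a hostname to its last two labels. Assumption: no ccTLD-style
    second-level suffixes, which is true for every domain in this config."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def split_url(url: str):
    """urlsplit that tolerates proxy logs which omit the scheme."""
    return urlsplit(url if "://" in url else "http://" + url)


def classify_url(url: str) -> str:
    """'c2' for the configured path on the C2 domain, 'c2-host' for any other
    request to that domain, 'decoy' for a decoy domain, otherwise 'none'."""
    parts = split_url(url)
    host = (parts.hostname or "").lower()
    if not host:
        return "none"
    if registered_domain(host) == registered_domain(C2_HOST):
        # The bot only talks to the configured path; a plain site visit by a
        # user would not carry the /0tog/ marker.
        return "c2" if parts.path.startswith(C2_PATH) else "c2-host"
    if registered_domain(host) in DECOY_DOMAINS:
        return "decoy"
    return "none"


# Constructed proxy log lines: timestamp client method url status
SAMPLE_LOG: List[str] = """\
2021-07-21T10:02:11Z 10.0.0.15 GET http://www.sayhellosarah.com/0tog/?id=constructed 200
2021-07-21T10:02:12Z 10.0.0.15 POST http://www.sayhellosarah.com/0tog/ 200
2021-07-21T10:02:40Z 10.0.0.15 POST http://www.laleach.com/0tog/ 404
2021-07-21T10:03:05Z 10.0.0.15 POST http://www.mateacs.com/0tog/ 200
2021-07-21T10:05:00Z 10.0.0.27 GET http://www.simplyrhodeisland.com/ 200
2021-07-21T10:06:13Z 10.0.0.33 GET https://www.example.net/index.html 200
""".splitlines()


def triage_clients(lines: List[str]) -> Dict[str, dict]:
    """Aggregate per client: C2 beacons, other C2-domain requests, decoys hit."""
    report: Dict[str, dict] = {}
    for line in lines:
        if not line.strip():
            continue
        _ts, client, _method, url, _status = line.split()
        entry = report.setdefault(client, {"c2": 0, "c2_host": 0, "decoys": set()})
        kind = classify_url(url)
        if kind == "c2":
            entry["c2"] += 1
        elif kind == "c2-host":
            entry["c2_host"] += 1
        elif kind == "decoy":
            entry["decoys"].add(registered_domain(split_url(url).hostname))
    return report


def verdict(entry: dict) -> str:
    """Any request to the C2 path is what the config predicts for an infected
    host. Decoy hits alone are weak evidence (real sites users may browse);
    several decoys from one host in a short window deserve a second look."""
    if entry["c2"]:
        return "infected"
    if len(entry["decoys"]) >= 2:
        return "suspicious"
    if entry["decoys"] or entry["c2_host"]:
        return "weak"
    return "clean"
```

When hunting in real logs, the `/0tog/` path on any of the listed domains is the strongest single indicator, since it ties the request to this configuration rather than to the domain's normal traffic.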

Targets

    • Target

      NEW ORDER DWG.exe (size, digests and score as listed under General above)
    • Xloader

      Xloader is a rebranded version of the Formbook information stealer and keeps its configuration format (one real C2 plus a list of decoy domains, as extracted above).

    • Xloader Payload

    • Drops startup file (writes a file into a Startup folder so the payload runs again at each logon: persistence)

    • Suspicious use of SetThreadContext (rewriting another thread's context is the step in process hollowing that points a suspended process's main thread at injected code)
