General
-
Target
NEW ORDER 2021.exe
-
Size
307KB
-
Sample
211105-p5xfmahabl
-
MD5
e6bd805df7bb8a90503c4b1f5784bd3c
-
SHA1
51d0e6942ca0732c5a3f2e2876d9216236bfc178
-
SHA256
dd07d6d24f528663fa5cb854c523d5ba2b096a9b3dc23b466cef94355f0cdec9
-
SHA512
f715ddcf9c169cbb2073f7e80afc151c09605717202da13b3eb40841077c2bbbbea4b996b13ca31abd1d6f38e89e583de9c1db7ad908ff5245299e95cc0625a5
Static task
static1
Behavioral task
behavioral1
Sample
NEW ORDER 2021.exe
Resource
win7-en-20211104
Malware Config
Extracted
xloader
2.5
b2c0
http://www.thesewhitevvalls.com/b2c0/
bjyxszd520.xyz
hsvfingerprinting.com
elliotpioneer.com
bf396.com
chinaopedia.com
6233v.com
shopeuphoricapparel.com
loccssol.store
truefictionpictures.com
playstarexch.com
peruviancoffee.store
shobhajoshi.com
philme.net
avito-rules.com
independencehomecenters.com
atp-cayenne.com
invetorsbank.com
sasanos.com
scentfreebnb.com
catfuid.com
sunshinefamilysupport.com
madison-co-atty.net
newhousebr.com
newstodayupdate.com
kamalaanjna.com
itpronto.com
hi-loentertainment.com
sadpartyrentals.com
vertuminy.com
khomayphotocopy.club
roleconstructora.com
cottonhome.online
starsspell.com
bedrijfs-kledingshop.com
aydeyahouse.com
miaintervista.com
taolemix.com
lnagvv.space
bjmobi.com
collabkc.art
onayli.net
ecostainable.com
vi88.info
brightlifeprochoice.com
taoluzhibo.info
techgobble.com
ideemimarlikinsaat.com
andajzx.com
shineshaft.website
arroundworld.com
reyuzed.com
emilfaucets.com
lumberjackguitarloops.com
pearl-interior.com
altitudebc.com
cqjiubai.com
kutahyaescortbayanlarim.xyz
metalworkingadditives.online
unasolucioendesa.com
andrewfjohnston.com
visionmark.net
dxxlewis.com
carts-amazon.com
anadolu.academy
Targets
-
-
Target
NEW ORDER 2021.exe
-
Size
307KB
-
MD5
e6bd805df7bb8a90503c4b1f5784bd3c
-
SHA1
51d0e6942ca0732c5a3f2e2876d9216236bfc178
-
SHA256
dd07d6d24f528663fa5cb854c523d5ba2b096a9b3dc23b466cef94355f0cdec9
-
SHA512
f715ddcf9c169cbb2073f7e80afc151c09605717202da13b3eb40841077c2bbbbea4b996b13ca31abd1d6f38e89e583de9c1db7ad908ff5245299e95cc0625a5
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-