Extracted

• • Target

    BSL 01321 PYT.xlsx

  • Size

    1.2MB

  • MD5

    d3d8e84318aa37f8ddfb091d1f6fd3a1

  • SHA1

    813965f6dd16278e8ab4b86ff3389bb06c8bbfc8

  • SHA256

    e7657932eab205aa1e946f41120b31ef481b7ed87c225b215104c22f69a97841

  • SHA512

    0a8102559b28bf6e92092b4f73579da19794ab8de97694506feb7e5d43349f379b3af05aeec8518b9217fa52f316599459114497c4af8f4f19aded5386428cce

  Score

  10^/10

  formbookxloaderloaderratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader

  • Xloader Payload

    rat

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Suspicious use of SetThreadContext

  behavioral1behavioral2