Extracted

• • Target

    2021 DOCS.xlsx

  • Size

    2.1MB

  • MD5

    600c9bb1aafa7187fd23472681c73a78

  • SHA1

    5076f1033a0d6adee087195ea6d228e01d326e5c

  • SHA256

    2c93f33757fe002c6c49a291e398929f7a472a44f947134d34fc62ea364b1e24

  • SHA512

    1196f93336ba07689b5a3b21ab5165864b6b13d2eecadd1df7026087ef98652d4ad62138f5ac09490f6a7221e3edb3e991eaf3166f5d9376b9d8f1fa9c8a0563

  Score

  10^/10

  formbookxloaderloaderratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader

  • Xloader Payload

    rat

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Suspicious use of SetThreadContext

  behavioral1behavioral2