Extracted

• • Target

    SKM_1504322RS.exe

  • Size

    192KB

  • MD5

    d382db9d903f52d9f2f7eb2c1039b824

  • SHA1

    c2e97ed52203259715f51ee9844176e18ea2cbbe

  • SHA256

    59552104d4bb2bcc6518dab735dac7dbb731a988dda8b82d39fa10911e7b8ee3

  • SHA512

    93711c47076a3c90d63ecf79b5d17a4a0f188cc7fd790f9af0740ee0907876fdbbc33da4e84a0f1b85050e9a00b0f05a592a78c0822b8251d3011f50427e56b3

  Score

  10^/10

  formbookxloaderahc8loaderpersistenceratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader

  • Xloader Payload

    rat

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2