xloader | df6hzlfpfbcxv4f[.]exe

General

Target

df6hzlfpfbcxv4f.exe
Size

177KB
MD5

550076952d4e9961ecf381824c38e022
SHA1

ce65a915752d64e601e158690b198aee5a22a31e
SHA256

15d56d28ea0f515ada674dfbbf4391390e9c1248c7a8c895d932b4220e6c2a81
SHA512

70e42430b94148be0d03d83b82b77177c1288c893b241541bc51a8a87f4f72f9b1e1e14c2508cb44c30a33a17318077454d439143261e3949ead2df2505632d5
SSDEEP

3072:MT2jRLlS/s+YDWhRW08JgsJZUzjsL54hdiNYKgd9m7YapOW:Fjpo3Yn08J7jUPi54hdtM7j

Score

10^/10

rat 6hsc xloader formbook

Malware Config

Extracted

Family

formbook

Campaign

6hsc

Decoy

6cvqXARAGlgdnnbXYQ==

Mi4yZ8FULou6w26U2FDnEbA=

Xmx0bJmRZGL+O0RFfLFNN9AMdwn+

B0WNhyl4T2gWBIqE1VDnEbA=

DI2G9/sG/v6YIh42aQ==

0NTaAl90ZWYiGV/bT4U=

DWCuXrL23Cc3xdIG/0dT

fTbzys/dddqOVQ==

8ClrDFi3i+asgxBOnguhlQ==

YjOkWLSpXeqrXw==

gAIov8vbtv8vr8/tFSXvDULL7thokKA=

xMW2qsXay7xNkonR/zxPo939

xc38fRlgO2opnnbXYQ==

+o31vQlURJKmLUWfHlMq0Gjs

z6GwWxCSKJLJ

2pnQ5evpehAxUt4hd6pq9X71

2CmXDSU2DTmDR+Q=

WV9ScxFQID1V2glQnguhlQ==

L8UDlK65h9wJ7Zeb3VDnEbA=

Agb4LF2bRcDX

Signatures

Formbook family
formbook
Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df6hzlfpfbcxv4f.exe

Files

df6hzlfpfbcxv4f.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 172KB - Virtual size: 172KB

.text
Size: 172KB - Virtual size: 172KB