Extracted

• • Target

    Ri9RSdOwP2DvMFi.exe

  • Size

    782KB

  • MD5

    93fcca51eeb3f566119693d2f9745926

  • SHA1

    9cb3c035e948b0e1e27f2a8515fed6deb14857a5

  • SHA256

    effde9dee423f050461080a9efc44435f4abd5d772e0a436f84f758b95ff65b2

  • SHA512

    978b52d10a3a00429322c21cb492f7f72a1bbe175d3915b37d01d4ecde9b0b66f29228625c1e5abf71ad3b5110f9021059c5daaa8f7ea25b5fb7e641ffb06d85

  • SSDEEP

    6144:luFJLgGJz99KYyo3wdTPnoJx6DqVY2RvE/KMuKszf7hOgoP2Oncbq3VHOflCbF23:KzfDyvnGmqvs/5YOgoZsHYMaPVUnt

  Score

  10^/10

  xloaderb5neloaderrat

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader

  • Xloader payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Suspicious use of SetThreadContext

  behavioral1behavioral2