xloader | Formbook[.]exe

General

Target

Formbook.exe
Size

177KB
MD5

325e9bc40c665d845e9edd875631ec48
SHA1

6f325ce61e9d8916cced15919cbd84fce584e14f
SHA256

c3b9bd6a3c03e763f6255c275cbb3a068de6feef7417d18b7a3e92c6b28753e5
SHA512

02760fc7cd93075f8fdb35e0a87dfee062c718fe03a28408da6a03d37eb6e39a3388c0c01611cee8d28422b930346c92f4242538a29daa8ad0a3b5cdf8d69dc4
SSDEEP

3072:FamFfATiz/CDWALN/Prl8QCUaIUZt/nmYVo+jVMDlMUqc:TJpCnN/58HUaIUZAA/jVMDXq

Score

10^/10

rat t65q xloader formbook

Malware Config

Extracted

Family

formbook

Campaign

t65q

Decoy

0oaArVDIAeJVRaUXOQ==

LNDb+polOuZWRaUXOQ==

JtmsCzRHeEwzeL2B

vnqa1XjmKA+FvOMtYjCfpA==

PObZY38RZFy5hI+UBU5z

HMWF1duWpoWGMkD8jx65AUXSWw==

q1a4x9u/45pUzx7JtUw=

eiBXszdDjIicMZGUBU5z

2ZGTqUfi76hl6hgZwPHQTHU4

yXEFKTk2ZFqpgJhtW7TlCzU88p5IsBE=

4pKcIzzkIudWRaUXOQ==

DLJZgItne1U4t/oxYjCfpA==

Gtx+wM18vK+EJGWUjf7cib+389qAog==

AZhvu+juGvcbvwuGswJ7

Is51z+aNxKdZxgvJaaSc0TM5Ondl

/J5wws+U0rZJfqUJYjCfpA==

rYz0dRg7cEwzeL2B

ZQN98UzJR6VFhog=

bSdHfxuEokkzeL2B

/5w7hZ1okomXNpqMv1s=

Signatures

Formbook family
formbook
Xloader family
xloader
Xloader payload 1 IoCs
rat

Processes:

resource yara_rule

sample xloader
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

Formbook.exe

resource	yara_rule
sample	xloader

resource
Formbook.exe

Files

Formbook.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 172KB - Virtual size: 172KB

.text
Size: 172KB - Virtual size: 172KB