General
Target: vbc.exe
Size: 331KB
Sample: 210420-ef7enk98cn
MD5: a5c974a5617823b3de03e26b469ad47d
SHA1: 197b391fcd3b7b41e07f819535691405194fe2a4
SHA256: a3ae710cb1edbfd1f9cc33ab53ffddd288646a040118b2bc252cc6ac070a8308
SHA512: b660fab41fadc6497216ef3f0e3750f153f5f59f5dba0e30c60afba731b368b65d18576f1f5ca8ef10b52df97423f9addf1d1f9fd296d779c0d8d51e968ae4d1
Static task: static1
Behavioral task: behavioral1
Sample: vbc.exe
Resource: win7v20210410
Malware Config
Extracted
xloader
2.3
http://www.nyclgbxyi.icu/u6nq/
Targets
Target: vbc.exe
Xloader Payload
Deletes itself
Uses the VBS compiler for execution
Suspicious use of SetThreadContext