General
-
Target
vbc.exe
-
Size
830KB
-
Sample
210504-1qvnq6le2n
-
MD5
020adea3f32c15a0dc4a23522798c3f2
-
SHA1
88378c179cc71548d98eb0500829019be8f22dcb
-
SHA256
e3404e10a2f6b9abb35ab5869a8c78167c82b72815bc59983cd018170412d53d
-
SHA512
1a903bfebf8c75dd08e5907f3fcacfc44635df1a1563b2cbab704ee6d5370b350600c1d23921aac0d20b69a2033d4aad6131ec7e5971b46d7445dc93536370d8
Static task
static1
Behavioral task
behavioral1
Sample
vbc.exe
Resource
win7v20210408
Malware Config
Extracted
xloader
2.3
http://www.apluspro.online/bgnq/
Targets
-
-
Target
vbc.exe
-
Xloader Payload
-
Deletes itself
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-