General
Target: vbc.exe
Size: 617KB
Sample: 210506-bm5wpyska2
MD5: 60b88477173379e55e2d5c678d2a32ff
SHA1: 8dcccf0321468fa7e9c51f5cac81ac6da43c0cb5
SHA256: 27563e3971b4f2baf6bf551323b1538809038aa456d5e0c02dd5e6a902b8f0e6
SHA512: 8705510d538c1e565c7f19d633c1336311dbee239240ef0a2a45b61e37fdb83bb8300348c09e132a80f86cc208e19f532225c08d76644de69f948db951500805
Static task: static1
Behavioral task: behavioral1
Sample: vbc.exe
Resource: win7v20210408
Malware Config
Extracted
xloader
2.3
http://www.gailrichardson.com/qjnt/
funeralinsurancetoppro.info
californiaredstate.com
xn--jpr220deud640b.com
playx.finance
siamfellow.com
tekirdagvethelp.com
forrealmodels.com
desenergie.info
whynotplus.com
graniteinaminute.com
satgurucolorlabs.com
potviper.com
racevx.xyz
thebluefishhotel.net
elletesla.com
4608capaydrive.com
buckhead-meat.com
garage-repair-near-me.com
ubique.works
markokuzmanovicpreduzetnik.com
crochenista.com
rivcodevelopment.com
houstonwingate.com
libertyss.com
ganaentunegocio.com
classicshopin.com
startrekepisode.com
phenomlearning.com
ionawilde.com
sembachtigers.info
gmngapp.com
frotaconceitos.com
chartingbtc.net
bandinella.com
warriormovers.com
pds-navi.com
warriornotesgolbalprayer.com
xjbpsh.net
akerii.com
p-col.com
qs-industrial.com
eoapdj.com
bhcsva.com
ndsplan.com
hdepo.com
sligogolfacademy.com
querofalardesaude.com
hanju163.com
gritchiecharcoal.com
investiose.info
lesmoulinsdunord.com
frienzmusic.com
fishfutur.com
learnaboutwhatsnext.com
pursuetech.online
rocknwink.com
afribus-sarl.com
2crazyc.com
qianyafs.com
slots-drift-casino.com
laayoune4seasons.com
relaxxation.com
halostreams.net
medconditions.net
Targets
Target: vbc.exe
Size: 617KB
MD5: 60b88477173379e55e2d5c678d2a32ff
SHA1: 8dcccf0321468fa7e9c51f5cac81ac6da43c0cb5
SHA256: 27563e3971b4f2baf6bf551323b1538809038aa456d5e0c02dd5e6a902b8f0e6
SHA512: 8705510d538c1e565c7f19d633c1336311dbee239240ef0a2a45b61e37fdb83bb8300348c09e132a80f86cc208e19f532225c08d76644de69f948db951500805
- Xloader Payload
- Deletes itself
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext