Overview

overview

10

Static

static

vbc.exe

windows7_x64

10

vbc.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vbc.exe

  • Size

    821KB

  • Sample

    210920-mdv3dagdck

  • MD5

    6e1476a40e4f1b65294f5ff5df9f99d7

  • SHA1

    da3f2a6fb40d243ece92534253c79c2669bd4e69

  • SHA256

    a243b394a1a3377b3ae936e6ea896588cca8cc43f8b961bdecbbe324e28c283c

  • SHA512

    0bfabd3b94785ddc530ba7b76258382f1212587c50f89da273294e6c698792c4d9296bd323d3814ae559cda1fd3ce3339d9a8e0f168e5e714fc9f804b0ddfc0f

Score
10/10
xloadereuznloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euzn

C2

http://www.heser.net/euzn/

Decoy

235296tyc.com

gold12guide.art

baibuaherb.com

weberwines.tax

chezvitoria.com

aidenb.tech

pitchdeckservice.com

surgeryforfdf.xyz

workunvaccinated.com

hrtaro.com

yourotcs.com

sonimultispecialityclinic.com

consultantadvisors.com

pentesting-consulting.com

dantechs.digital

longshifa.online

taweilai.net

imyusuke.com

cashndashfinancial.com

fasiglimt.quest

Targets

    • Target

      vbc.exe

    • Size

      821KB

    • MD5

      6e1476a40e4f1b65294f5ff5df9f99d7

    • SHA1

      da3f2a6fb40d243ece92534253c79c2669bd4e69

    • SHA256

      a243b394a1a3377b3ae936e6ea896588cca8cc43f8b961bdecbbe324e28c283c

    • SHA512

      0bfabd3b94785ddc530ba7b76258382f1212587c50f89da273294e6c698792c4d9296bd323d3814ae559cda1fd3ce3339d9a8e0f168e5e714fc9f804b0ddfc0f

    Score
    10/10
    xloadereuznloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks