vbc.exe

General

Target: vbc.exe
Size: 421KB
Sample: 210924-l8tx5ageg7
Score: 10/10
MD5: 859a1a6574e4a09027f729908318b282
SHA1: bf7c9e96ca263d7811f7357f8645af42b04c093b
SHA256: d84f2a05198d85dd6f2bf606fe6e24f7ca929cff9796d6b7f269bb8e7cf8b2a7
SHA512: 4163390db6bf2d8f66e8575e8d116df222e8d72b97037eca614fdb2d94d8cd686c31eb4593ce1164dfc398fe03a7b3ac97bfee61fc2e3ddb27e566c39cb234ec

Malware Config

Extracted

Family: xloader
Version: 2.5
Campaign: arup
C2: http://www.sapphiretype.com/arup/

Decoy domains (the bot sends the same /arup/ requests to these as to the real C2; most are unrelated, legitimate sites, so treat hits as evidence of an infected client rather than as hosts to block):

mezonpezon.com

bellapbd.com

xn--2kr800ab2z.group

cupecoysuites.com

extractselect.com

cherrycooky.com

reshawna.com

bluewinetours.com

dez2fly.com

washedproductions.com

om-asahi-kasei-jp.com

talkingpoint.tours

avaspacecompany.com

fbtvmall.com

trocaoferta.com

mionegozio.com

reitschuetz.com

basepicks.com

networkagricity.com

kastore.club

groovydeer.com

realisa.net

891708.com

naveenachittibiyina.com

guizhouawj.com

royaltortoisecookieco.online

scubafarm.com

sibo.care

rapi-vet.com

metaid.website

shadoworksart.com

gratitudegalore.com

penhal.com

fetch-an-us-itchy.zone

melisaakyolicmimarlik.com

yiweise.com

sofasstorremolinos.com

rfanil.com

metaverselemon.com

theholidaymovieplanner.com

n4sins.com

fortcor.com

galaxysingle.com

gzwqpsyj.com

azur-riviera-rental.com

bharathpaperbagmachine.com

pinup722bk.com

darkness.global

theihearthotel.com

wecowork.net
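The config above is directly usable as a proxy-log check. The script below is an added example, not part of the Triage report: it takes the report's C2 URL and a subset of its decoy list and classifies requested URLs. Assumptions not stated on the page: the log lines are constructed here in a simplified "ts client method url status" form, and the matching keys on the well-known Formbook/Xloader beacon shape, where the campaign path (/arup/) is requested on the real C2 and on the decoy domains alike. Because the decoys are mostly legitimate third-party sites, a decoy hit is reported as evidence of infection on the client, not as a host to block.

```python
"""Added example (not from the report): classify proxy-log URLs against
the extracted Xloader config.  Log lines are constructed for this example."""
from urllib.parse import urlsplit

C2_URL = "http://www.sapphiretype.com/arup/"          # from the report
CAMPAIGN_PATH = "/arup/"                                # campaign "arup"
DECOY_DOMAINS = {                                       # subset of the report's decoy list
    "mezonpezon.com", "bellapbd.com", "xn--2kr800ab2z.group",
    "cupecoysuites.com", "extractselect.com", "cherrycooky.com",
    "reshawna.com", "bluewinetours.com", "dez2fly.com",
}


def canon_host(host):
    """Lower-case, strip a trailing dot and a leading 'www.' so the report's
    C2 (www.sapphiretype.com) matches either spelling seen in logs."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


C2_HOST = canon_host(urlsplit(C2_URL).hostname)


def classify(url):
    """Return (label, recommended action) for one URL, or None if it does
    not carry the campaign path at all."""
    parts = urlsplit(url)
    if not parts.hostname:
        return None
    host = canon_host(parts.hostname)
    path = parts.path or "/"
    if not path.startswith(CAMPAIGN_PATH):
        return None
    if host == C2_HOST:
        return ("c2", "block host, isolate client")
    if host in DECOY_DOMAINS:
        return ("decoy-beacon", "isolate client, do not block host")
    # Campaign path on an unknown host: a decoy not in this config, or a new C2.
    return ("campaign-path", "investigate; host may be a new C2 or decoy")


def scan(lines):
    """Parse constructed 'ts client method url status' lines and collect hits."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        ts, client, method, url, status = fields[:5]
        verdict = classify(url)
        if verdict:
            hits.append({"ts": ts, "client": client, "method": method,
                         "host": canon_host(urlsplit(url).hostname),
                         "label": verdict[0], "action": verdict[1]})
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "1632491234 10.0.0.5 GET http://www.sapphiretype.com/arup/?h5=abc 200",
    "1632491235 10.0.0.5 POST http://www.sapphiretype.com/arup/ 200",
    "1632491236 10.0.0.5 GET http://www.mezonpezon.com/arup/?h5=abc 404",
    "1632491237 10.0.0.7 GET http://www.mezonpezon.com/ 200",
    "1632491238 10.0.0.9 POST http://example.net/arup/ 200",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The fourth sample line (a plain visit to a decoy's front page) produces no hit: keying on the campaign path rather than on the domain is what keeps ordinary traffic to those legitimate sites out of the alert.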

Targets

Target: vbc.exe (421KB, score 10/10)
MD5: 859a1a6574e4a09027f729908318b282
SHA1: bf7c9e96ca263d7811f7357f8645af42b04c093b
SHA256: d84f2a05198d85dd6f2bf606fe6e24f7ca929cff9796d6b7f269bb8e7cf8b2a7
SHA512: 4163390db6bf2d8f66e8575e8d116df222e8d72b97037eca614fdb2d94d8cd686c31eb4593ce1164dfc398fe03a7b3ac97bfee61fc2e3ddb27e566c39cb234ec

Signatures

  • Xloader

    Description

    Xloader is a rebranded version of Formbook malware. The config extracted above (one C2 URL, a campaign path and a list of decoy domains) follows the Formbook layout.

  • Xloader Payload

  • Deletes itself

    The dropped file removes itself after execution, so recover the sample from the sandbox artefacts or the dropper rather than from the infected host's disk.

  • Uses the Visual Basic compiler (vbc.exe) for execution

    vbc.exe is the .NET Visual Basic command-line compiler, not a VBScript component. Note that the submitted sample itself carries the file name vbc.exe.

    TTPs

    Scripting

  • Suspicious use of SetThreadContext

    SetThreadContext is the call used to redirect the entry point of a suspended child process during process hollowing.
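The last two signatures describe a process shape rather than a network one, and SetThreadContext itself is not something Sysmon records. The script below is an added example, not part of the Triage report: it runs a process-creation check over events constructed here with Sysmon Event ID 1 field names (Image, ParentImage, CommandLine). The framework directories and the list of "build tool" parents are heuristics of this example, not facts the report states about this sample.

```python
"""Added example (not from the report): flag vbc.exe used as an execution
host.  Events below are constructed; field names follow Sysmon Event ID 1."""
import ntpath

# Where the real Visual Basic compiler lives (lower-cased for comparison).
FRAMEWORK_DIRS = (
    "c:\\windows\\microsoft.net\\framework\\",
    "c:\\windows\\microsoft.net\\framework64\\",
)
# Parents that legitimately invoke vbc.exe; an assumption of this example,
# tune per estate.
BUILD_PARENTS = {"msbuild.exe", "devenv.exe", "vbcscompiler.exe"}


def has_args(cmdline):
    """True if anything follows the executable token.  A genuine compile
    passes sources or a response file; a hollowing host is usually created
    with the bare image path."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        rest = cmdline[end + 1:] if end != -1 else ""
    else:
        rest = cmdline.partition(" ")[2]
    return rest.strip() != ""


def check_event(ev):
    """Return a list of findings for one process-creation event."""
    image = ev.get("Image", "")
    image_name = ntpath.basename(image).lower()
    parent_name = ntpath.basename(ev.get("ParentImage", "")).lower()
    findings = []
    if image_name != "vbc.exe":
        return findings
    if not any(image.lower().startswith(d) for d in FRAMEWORK_DIRS):
        # A file merely named like the compiler, as this sample is.
        findings.append("vbc.exe running outside the .NET Framework directory (file-name masquerade)")
        return findings
    if parent_name not in BUILD_PARENTS:
        findings.append("framework vbc.exe spawned by %s, not a build tool" % (parent_name or "unknown"))
    if not has_args(ev.get("CommandLine", "")):
        findings.append("framework vbc.exe started without compiler arguments (typical hollowing host)")
    return findings


def scan_events(events):
    """Return (index, findings) for every event that produced a finding."""
    out = []
    for i, ev in enumerate(events):
        findings = check_event(ev)
        if findings:
            out.append((i, findings))
    return out


# Constructed events: a dropped file named vbc.exe, the real compiler
# launched by it with no arguments, and a legitimate MSBuild compile.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\AppData\Local\Temp\vbc.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Users\alice\AppData\Local\Temp\vbc.exe"'},
    {"Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\vbc.exe",
     "CommandLine": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"'},
    {"Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "ParentImage": r"C:\Program Files (x86)\MSBuild\14.0\Bin\MSBuild.exe",
     "CommandLine": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" /noconfig @C:\build\tmp.rsp'},
]

if __name__ == "__main__":
    for i, findings in scan_events(SAMPLE_EVENTS):
        print(i, findings)
```

The third event is the shape a real build produces and is left alone; the first two are the shapes this sample's signatures describe. Pair this with Sysmon Event ID 10 (ProcessAccess) on the framework vbc.exe if you want the injection itself rather than its precursor.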

Related Tasks

MITRE ATT&CK Matrix

Tactic columns only (Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation); no techniques are listed in this extract.

Tasks

static1

behavioral1: 10/10

behavioral2: 10/10