General

  • Target

    tmp/vbc.exe

  • Size

    441KB

  • Sample

    211203-r6ggxabhb7

  • MD5

    35971270d5d0406535ba77fa74bf4f21

  • SHA1

    2ae768c1dd51a1bbefa32f2f8b620490ec026aae

  • SHA256

    8f14202d038576081a716747d905248877b873edcec27a6406201d57b090ae8b

  • SHA512

    e4f164fbdca5636b60e7f015b3f39e46f7188fc7eadc0557a8cce88c3150f2de18f6eb7e51659c3b91b82a5ff8325e7067e7d2061d32f9bc8de31ba7814031cf

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ea0r

C2

http://www.asiapubz-hk.com/ea0r/

Decoy

Targets

    • Target

      tmp/vbc.exe

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                  Technique                       Count  ID
  Execution               Scripting                       1      T1064
  Execution               Scheduled Task                  1      T1053
  Persistence             Scheduled Task                  1      T1053
  Privilege Escalation    Scheduled Task                  1      T1053
  Defense Evasion         Scripting                       1      T1064
  Discovery               System Information Discovery    1      T1082