Overview

overview

10

Static

static

tmp/vbc.exe

windows7_x64

10

tmp/vbc.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp/vbc.exe

  • Size

    1.0MB

  • Sample

    211214-pms1gsggak

  • MD5

    e8093e6a8950b5a7558a603be6ab6ccc

  • SHA1

    ace0206e65b480cff6802ee7439cf020c9048283

  • SHA256

    a8026cedc6f508f5fb982c7bd33732418e056de7c82a3633f7f5bd68c6bace9d

  • SHA512

    ee961d42b84eaa424303080fa6ea48b05c220e86eba0acc8ac80802ec9058e51029ef6f7e9a8e212ab544092d606706b9206537207dae627dfd9dc890bd0d3bf

Score
10/10
xloadersb6nloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

sb6n

C2

http://www.best5amazon.com/sb6n/

Decoy

bogosamba.com

inmobiliariapuertalavilla.com

nopressurewellness.com

hairshopamity.com

epicmoments360.com

tutorgpa.com

fucibou.xyz

135631.com

portraydashcam.com

raqsarabia.com

okantis.net

vongquaykimcuongfreefire.online

prodom.online

5537sbishop.info

lisakenneyinc.com

fivetime.xyz

borzv.com

joungla.com

mas-urbano.com

sjczyw.com

Targets

    • Target

      tmp/vbc.exe

    • Size

      1.0MB

    • MD5

      e8093e6a8950b5a7558a603be6ab6ccc

    • SHA1

      ace0206e65b480cff6802ee7439cf020c9048283

    • SHA256

      a8026cedc6f508f5fb982c7bd33732418e056de7c82a3633f7f5bd68c6bace9d

    • SHA512

      ee961d42b84eaa424303080fa6ea48b05c220e86eba0acc8ac80802ec9058e51029ef6f7e9a8e212ab544092d606706b9206537207dae627dfd9dc890bd0d3bf

    Score
    10/10
    xloadersb6nloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks