tmp/9cd2cae2-77a3-491e-bd6e-bd8b6d45fde0_vbc.exe

General
Target

tmp/9cd2cae2-77a3-491e-bd6e-bd8b6d45fde0_vbc.exe

Size

482KB

Sample

211216-vr2q3sdcbl

Score
10/10
MD5

81b76350a44f6356246271612e6f23f2

SHA1

bfafb16fcc983399191cf2596d700aa03ee6f75c

SHA256

a9704735e10e7b769bebf6b33f8fd17d8a1f2d97ef774bf2f8d3ff3694ccf6d9

SHA512

e275f3b36eff3788b3da3a8c05002660e8454e44ddd1ee4a38c85fe54d310c61ffc7228026f74b1e33ac1bcab5144cb65a289566229d1524f46c75d9e6532b1a

Malware Config

Extracted

Family xloader
Version 2.5
Campaign ea0r
Decoy (domains the sample contacts alongside its real C2 to mask which one is live; many are unrelated or legitimate sites, so a single one of them in traffic is weak evidence on its own, while a host touching several of them in a short window is a strong indicator)

lionheartcreativestudios.com

konzertmanagement.com

blackpanther.online

broychim-int.com

takut18.com

txstarsolar.com

herdsherpa.com

igorshestakov.com

shinesbox.com

reflectpkljlt.xyz

oiltoolshub.com

viralmoneychallenge.com

changingalphastrategies.com

mecitiris.com

rdadmin.online

miniambiente.com

kominarcine.com

pino-almond.com

heihit.xyz

junqi888.com

metalumber.com

sclvfu.com

macanostore.online

projecturs.com

ahcprp.com

gztyfnrj.com

lospacenos.com

tak-etranger.com

dingermail.com

skiin.club

ystops.com

tnboxes.com

ccafgz.com

info1337.xyz

platinum24.top

hothess.com

novelfinancewhite.xyz

theselectdifference.com

flufca.com

giftcodefreefirevns.com

kgv-lachswehr.com

report-alfarabilabs.com

skeetones.com

4bcinc.com

americamr.com

wewonacademy.com

evrazavto.store

true-fanbox.com

greencofiji.com

threecommaspartners.com
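Because XLoader beacons to its decoy list as well as its real C2, the useful detection is not "one of these domains was resolved" but "one host resolved several of them within minutes". The following is an added example (not part of the Triage report and not XLoader code) that runs that check over a few constructed DNS log lines; the hostnames, IPs and timestamps are made up, and the domain set is a subset of the Decoy list above. Subdomains are matched too, since the sample's requests typically go to a www. prefix of each entry.

```python
"""Flag hosts that resolve several XLoader decoy/C2 domains in a short window.

Added example for the report above; the log below is constructed, not captured.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Subset of the Decoy list extracted from the sample's config (see report).
DECOY_DOMAINS = {
    "lionheartcreativestudios.com", "konzertmanagement.com", "blackpanther.online",
    "broychim-int.com", "takut18.com", "txstarsolar.com", "herdsherpa.com",
    "igorshestakov.com", "shinesbox.com", "reflectpkljlt.xyz", "oiltoolshub.com",
}

# Constructed DNS query log: "<timestamp> <client ip> <qtype> <qname>".
# 10.0.0.23 behaves like an infected host; 10.0.0.7 touches two decoys hours apart.
SAMPLE_DNS_LOG = """\
2021-12-16T14:02:01Z 10.0.0.23 A www.lionheartcreativestudios.com
2021-12-16T14:02:03Z 10.0.0.23 A www.konzertmanagement.com
2021-12-16T14:02:05Z 10.0.0.23 A www.blackpanther.online
2021-12-16T14:02:40Z 10.0.0.23 A www.broychim-int.com
2021-12-16T14:05:00Z 10.0.0.7 A konzertmanagement.com
2021-12-16T14:05:10Z 10.0.0.7 A example.org
2021-12-16T16:30:00Z 10.0.0.7 A www.takut18.com
"""


def decoy_match(qname):
    """Return the decoy domain that qname equals or is a subdomain of, else None."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):          # never match a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in DECOY_DOMAINS:
            return candidate
    return None


def parse_line(line):
    ts, src, _qtype, qname = line.split()
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), src, qname


def find_beaconing_hosts(log_text, window=timedelta(minutes=10), threshold=3):
    """Map client ip -> sorted decoy domains for hosts that hit >= threshold
    distinct decoy domains inside any `window`-long interval."""
    hits = defaultdict(list)                  # src -> [(timestamp, decoy domain)]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, qname = parse_line(line)
        matched = decoy_match(qname)
        if matched:
            hits[src].append((ts, matched))

    alerts = {}
    for src, events in hits.items():
        events.sort()
        for i, (t0, _) in enumerate(events):  # slide a window over each start event
            seen = {d for t, d in events[i:] if t - t0 <= window}
            if len(seen) >= threshold:
                alerts[src] = sorted(seen)
                break
    return alerts


if __name__ == "__main__":
    for host, domains in find_beaconing_hosts(SAMPLE_DNS_LOG).items():
        print(f"{host}: {len(domains)} decoy/C2 domains in window -> {domains}")
```

The threshold and window are tuning knobs; the point is that the decoy list is an indicator as a set, and the script deliberately does not alert on 10.0.0.7, whose two isolated hits are exactly the false-positive pattern the decoys are designed to create.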

Targets
Target

tmp/9cd2cae2-77a3-491e-bd6e-bd8b6d45fde0_vbc.exe

Signatures

  • Detect Neshta Payload

  • Modifies system executable filetype association

    TTPs

    Modify Registry (T1112), Event Triggered Execution: Change Default File Association (T1546.001)
  • Neshta

    Description

    Neshta is a file infector: it copies itself into other executables so that launching an infected program spreads it further and can corrupt the host. Its usual persistence is to hijack the .exe file association so that its own copy runs before every executable, which is why the "Modifies system executable filetype association" signature fires alongside this one.
  • Xloader

    Description

    XLoader is the rebranded successor of the Formbook infostealer, sold as malware-as-a-service; the family, version, campaign ID and decoy domain list in the Malware Config section are its extracted configuration.
  • Xloader Payload

    Tags

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers read browser profile directories (saved logins, cookies, autofill data) and send the contents to their C2; a process other than the browser opening those files is worth alerting on.

    TTPs

    Data from Local System (T1005), Unsecured Credentials: Credentials In Files (T1552.001)
  • Suspicious use of SetThreadContext
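The Neshta and "Modifies system executable filetype association" hits above are the same finding seen from two angles: a changed HKEY_CLASSES_ROOT\exefile\shell\open\command value. The default for that value is "%1" %*, and anything placed in front of it is a program that will run every time an .exe is opened. The following is an added example (not the report's or the sandbox's code) that parses a registry export in .reg format and reports such a hijack; the export text is constructed for illustration, with a svchost.com path in the Windows directory standing in for the prepended file infector, and the key names are the real Windows ones.

```python
"""Check .exe (and similar) shell\\open\\command associations from a .reg export.

Added example for the report above; the export text is constructed, not captured.
Collect the real thing on a host with:
  reg export HKCR\\exefile\\shell\\open\\command exefile.reg
"""
import re

EXPECTED_COMMAND = '"%1" %*'   # Windows default: run the file with its arguments
EXEFILE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
BATFILE_KEY = r"HKEY_CLASSES_ROOT\batfile\shell\open\command"

# Constructed .reg export: exefile hijacked, batfile still at the default.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Windows\\svchost.com \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''


def _unescape_reg_string(s):
    # .reg files escape backslashes and double quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return {key path: default value} for every key whose @ value is a string."""
    values = {}
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith("@="):
            raw = line[2:]
            if raw.startswith('"') and raw.endswith('"'):
                values[key] = _unescape_reg_string(raw[1:-1])
    return values


def check_association(values, key=EXEFILE_KEY):
    """Return ("ok"|"missing"|"hijacked", prepended program or None)."""
    cmd = values.get(key)
    if cmd is None:
        return ("missing", None)
    if cmd == EXPECTED_COMMAND:
        return ("ok", None)
    # Whatever precedes "%1" is launched first and is handed the real target.
    idx = cmd.find('"%1"')
    hijacker = cmd[:idx].strip() if idx > 0 else cmd
    return ("hijacked", hijacker)


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_REG_EXPORT)
    for k in (EXEFILE_KEY, BATFILE_KEY):
        print(k, "->", check_association(parsed, k))
```

If the check reports "hijacked", the prepended binary is the artifact to hash and compare against the sample hashes in this report; restoring the value to "%1" %* without removing that binary and disinfecting the prepended executables leaves the infector in place.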

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation