Overview

overview

10

Static

static

vbc.exe

windows7_x64

10

vbc.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vbc.exe

  • Size

    845KB

  • Sample

    220125-vqvalsbear

  • MD5

    0becd341e0585b0c5a278e62a9727a9a

  • SHA1

    71b8b08ab44bb93a2bacb3948a8dee5273f78488

  • SHA256

    ee5dd80f9946c3b8221409e1aed242cd36a8188850718f89722b48404906275e

  • SHA512

    9edfca50d1ebe082bd13ba32de078bca96a06c8bf18b56471f12adfd3a05830eb821f5ce26404d1e2bea48b3dda3b74b06ae3f4922de2c1842f17329173a1cb9

Score
10/10
xloadernt3floaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

nt3f

Decoy

tricyclee.com

kxsw999.com

wisteria-pavilion.com

bellaclancy.com

promissioskincare.com

hzy001.xyz

checkouthomehd.com

soladere.com

point4sales.com

socalmafia.com

libertadysarmiento.online

nftthirty.com

digitalgoldcryptostock.net

tulekiloscaird.com

austinfishandchicken.com

wlxxch.com

mgav51.xyz

landbanking.global

saprove.com

babyfaces.skin

Targets

    • Target

      vbc.exe

    • Size

      845KB

    • MD5

      0becd341e0585b0c5a278e62a9727a9a

    • SHA1

      71b8b08ab44bb93a2bacb3948a8dee5273f78488

    • SHA256

      ee5dd80f9946c3b8221409e1aed242cd36a8188850718f89722b48404906275e

    • SHA512

      9edfca50d1ebe082bd13ba32de078bca96a06c8bf18b56471f12adfd3a05830eb821f5ce26404d1e2bea48b3dda3b74b06ae3f4922de2c1842f17329173a1cb9

    Score
    10/10
    xloadernt3floaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks