Overview

overview

10

Static

static

vbc.exe

windows7_x64

10

vbc.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vbc.exe

  • Size

    824KB

  • Sample

    220126-stkt8sedhp

  • MD5

    112d18adbea1d0a5764043a209cfe2c7

  • SHA1

    3e142f060da4c6cfef7aa3398971af1f6cd86037

  • SHA256

    5cdd172f465ceffd3bcf25b11515fb6cf382045856f18cf05da436353f672aa4

  • SHA512

    a196df55464ccb85837b2decf724a147804586fde3bec4d45c3737e538d3de5e27bd027a9d420d6eda1f19ced14a38d4449a70cba6f27d298abd065986f87e90

Score
10/10
xloadercxbzloaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

cxbz

Decoy

daligtemno.quest

785686.com

jttengineering.com

papayaflorida.com

qinuxshop.net

mihaialexandruhash.com

ezzycoins.com

bseafacepharma.online

relaymondbe.com

straightuppokeronline.com

thebranddanymz.com

derrickgolden.net

missedyou.quest

palmstone-realestate.com

windoors.net

freakyhamster.com

boodtv.com

softsellingsystem.com

axiemng.com

officejava.store

Targets

    • Target

      vbc.exe

    • Size

      824KB

    • MD5

      112d18adbea1d0a5764043a209cfe2c7

    • SHA1

      3e142f060da4c6cfef7aa3398971af1f6cd86037

    • SHA256

      5cdd172f465ceffd3bcf25b11515fb6cf382045856f18cf05da436353f672aa4

    • SHA512

      a196df55464ccb85837b2decf724a147804586fde3bec4d45c3737e538d3de5e27bd027a9d420d6eda1f19ced14a38d4449a70cba6f27d298abd065986f87e90

    Score
    10/10
    xloadercxbzloaderratsuricata

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • Deletes itself

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks