General
-
Target
vbc.exeivgijkfx
-
Size
842KB
-
Sample
220422-av8ctaeehn
-
MD5
d1313aa99a8d454aa0d3b728a67dd331
-
SHA1
81098d77f90fe9cb7f8953345c7385c35597bdfd
-
SHA256
b85b6101f5f24710f8c9d5a32a4fa4194c55d1088c8722b08653aac9e6a3007a
-
SHA512
55591756ffcd8442766800b95ba472a3dc8cd1d01e30b65ab146b48b4911ac4b05433c4204f237964720dfffa96af9c218569b81f79d4b14d4c70b9a7f1cd56f
Static task
static1
Behavioral task
behavioral1
Sample
vbc.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.5
arh2
anniversaryalert.com
kinship.space
buabdullagroup.com
ghostprotectionagency.com
scion-go-getter.com
skindeepapp.com
kysp3.xyz
bonitaspringshomesearch.com
bestdeals2022.online
themarketingstinger.com
chengkayouxuan.com
fendoremi.com
j-stra.com
klingelecn.net
deluxecarepro.com
huanbaodg.com
mes-dents-blanches.com
solutionsemissionsimplifiee.com
abedbashir.tech
good-collection.store
zulijian1.com
deuxtonnes.com
va-products.com
limpiezaspricila.com
hollyweednc.com
liylaehamartoyof4.xyz
lauraloewendesign.com
gozabank.com
iconicbeauty.co
huashiren.xyz
bdsdaivietphat.com
josephgoddard.com
bburagotr.xyz
produkoriginal.store
6156yy.com
cellfacility.com
elictriczone.com
regaldock.com
yourvitalstatistics.com
nextgen-shareholder.com
charlie-dean.com
abodebuildinggroup.com
fortunabs.com
elizabethsilvasuarez.com
setsrl.net
neskasdreams.com
abubuntunginxsetup.xyz
ubspropertyservices.com
spiritpriest.com
altaingenieriainc.net
oldhamcars.com
daimaoart.com
5u8n.com
ppcpowered.com
pmariutto.com
opendialogmonaco.com
project66bug.com
goddesscodes.love
talkingwithmarcus.com
tranvantuan.xyz
priexalidomoi.store
un2030.com
loancreditscan.com
tg88.bet
rshedm.com
Targets
-
-
Target
vbc.exeivgijkfx
-
Size
842KB
-
MD5
d1313aa99a8d454aa0d3b728a67dd331
-
SHA1
81098d77f90fe9cb7f8953345c7385c35597bdfd
-
SHA256
b85b6101f5f24710f8c9d5a32a4fa4194c55d1088c8722b08653aac9e6a3007a
-
SHA512
55591756ffcd8442766800b95ba472a3dc8cd1d01e30b65ab146b48b4911ac4b05433c4204f237964720dfffa96af9c218569b81f79d4b14d4c70b9a7f1cd56f
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Blocklisted process makes network request
-
Possible privilege escalation attempt
-
Modifies file permissions
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-