General
-
Target
vbc.exebsctgsfz
-
Size
790KB
-
Sample
220503-pdp78seba2
-
MD5
14f5bfcb44b9511f2cfac6f29ab55898
-
SHA1
f8dd1f7ec5259168dc98367c3eaa998f08b41a9d
-
SHA256
8ba3166fa29eedff427b62c2d1b05984949a1ac87a34ffa2ab95f4404e96d0e7
-
SHA512
0bd4db6d4f45a58b25445726956876d5546bcf73436b0b7c0411ef3d0e683fd91707551a146e775482399896ea6581caaa3d57d3e966a17a451315dcdf1f3b02
Static task
static1
Behavioral task
behavioral1
Sample
vbc.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.5
arh2
anniversaryalert.com
kinship.space
buabdullagroup.com
ghostprotectionagency.com
scion-go-getter.com
skindeepapp.com
kysp3.xyz
bonitaspringshomesearch.com
bestdeals2022.online
themarketingstinger.com
chengkayouxuan.com
fendoremi.com
j-stra.com
klingelecn.net
deluxecarepro.com
huanbaodg.com
mes-dents-blanches.com
solutionsemissionsimplifiee.com
abedbashir.tech
good-collection.store
zulijian1.com
deuxtonnes.com
va-products.com
limpiezaspricila.com
hollyweednc.com
liylaehamartoyof4.xyz
lauraloewendesign.com
gozabank.com
iconicbeauty.co
huashiren.xyz
bdsdaivietphat.com
josephgoddard.com
bburagotr.xyz
produkoriginal.store
6156yy.com
cellfacility.com
elictriczone.com
regaldock.com
yourvitalstatistics.com
nextgen-shareholder.com
charlie-dean.com
abodebuildinggroup.com
fortunabs.com
elizabethsilvasuarez.com
setsrl.net
neskasdreams.com
abubuntunginxsetup.xyz
ubspropertyservices.com
spiritpriest.com
altaingenieriainc.net
oldhamcars.com
daimaoart.com
5u8n.com
ppcpowered.com
pmariutto.com
opendialogmonaco.com
project66bug.com
goddesscodes.love
talkingwithmarcus.com
tranvantuan.xyz
priexalidomoi.store
un2030.com
loancreditscan.com
tg88.bet
rshedm.com
Targets
-
-
Target
vbc.exebsctgsfz
-
Size
790KB
-
MD5
14f5bfcb44b9511f2cfac6f29ab55898
-
SHA1
f8dd1f7ec5259168dc98367c3eaa998f08b41a9d
-
SHA256
8ba3166fa29eedff427b62c2d1b05984949a1ac87a34ffa2ab95f4404e96d0e7
-
SHA512
0bd4db6d4f45a58b25445726956876d5546bcf73436b0b7c0411ef3d0e683fd91707551a146e775482399896ea6581caaa3d57d3e966a17a451315dcdf1f3b02
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Looks for VirtualBox Guest Additions in registry
-
Xloader Payload
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Uses the VBS compiler for execution
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-