General
-
Target
vbc.exezxcmvqhq
-
Size
1.0MB
-
Sample
220519-ct8nascgfn
-
MD5
9c57cf589c6ff051d2aec2bbaf515dfb
-
SHA1
846b8e1244b7a7e2cbddbd837c77708b6bb0bb32
-
SHA256
4daead502dfca41fa6e5789eb458e5bc60ed7da6c8af2229596e1e0697f50701
-
SHA512
2947df318501ce13e7b99cf65fc0f18db3086f6ac97727831ffdb253a28fdce3ce10d1d1998b80423d313ae5d375ad2f65ff9b3741774e2a3632de7862364a0e
Static task
static1
Behavioral task
behavioral1
Sample
vbc.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.6
arh2
hstorc.com
blackountry.com
dhrbakery.com
dezhouofit.com
defipayout.xyz
ginas4t.com
byzbh63.xyz
qrcrashview.com
mialibaby.com
enhaut.net
samainnova.com
yashveerresort.com
delfos.online
dungcumay.com
lj-counseling.net
fliptheswitch.pro
padogbitelawyer.com
aticarev.com
sederino.site
bestplansforpets-japan3.life
radicallysimplesupps.com
sandbagmaker.com
misdcf.xyz
nbpz.xyz
floridasunbreaks.com
justfinishesofcolorado.com
homemethtestkit.com
chaquetashapticas.com
zodiactshirt.com
tees.email
zxzx999.com
tempepdf.com
watchusroll.com
parotacenter.com
assistcourse.online
paulstilingroup.com
cnbcfx.com
mooncore.xyz
laplugnation.com
gosti24.com
cthomassolutions.com
rkhubs.com
aboutpier.com
multimediaroomandboard.com
iamparrot.com
wifitest.info
nounworld.com
xpartner.biz
128grandviewdrivenewportnsw.com
bakiin.com
suitcell.com
onehitgamerstudios.com
bathingsuitsshoppingus.com
wingstarifa.com
ccasudqi.com
epiconscious.com
ponponshoes.com
cicom.tech
safetynetinc.net
recanto.xyz
sellsidelite.net
kevmoinesproperties.com
hdwallpaperpics.life
57gznfw.xyz
abtys6.online
Targets
-
-
Target
vbc.exezxcmvqhq
-
Size
1.0MB
-
MD5
9c57cf589c6ff051d2aec2bbaf515dfb
-
SHA1
846b8e1244b7a7e2cbddbd837c77708b6bb0bb32
-
SHA256
4daead502dfca41fa6e5789eb458e5bc60ed7da6c8af2229596e1e0697f50701
-
SHA512
2947df318501ce13e7b99cf65fc0f18db3086f6ac97727831ffdb253a28fdce3ce10d1d1998b80423d313ae5d375ad2f65ff9b3741774e2a3632de7862364a0e
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-