General

  • Target: vbc.exeiyravbmu
  • Size: 1.5MB
  • Sample: 220522-gh9tfabhcp
  • MD5: 446b9bdfbfe21f14cb22ecec666ff7a8
  • SHA1: bee52647caae69d434aade7a64ad2ee4f50247de
  • SHA256: 6666b32f52c7d860404d64bf37bdfbea7f7aa38cb0a12f326c515469551d991f
  • SHA512: beaaf39e78b1a7c2e2a54de03631d2df3d374cff09b9c68bd2c89e80f85e60c6223795e3e59a5d8f7871c41afa54be56994679db736d8ffc823f948b9feecfc2

Malware Config

Extracted

  • Family: xloader
  • Version: 2.6
  • Campaign: arh2
  • Decoy


Targets

    • Xloader: Xloader is a rebranded version of Formbook malware.
    • suricata: ET MALWARE FormBook CnC Checkin (GET)
    • Xloader Payload
    • Uses the VBS compiler for execution
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scripting, T1064 (1)
  • Defense Evasion: Scripting, T1064 (1)

Tasks