General
-
Target
vbc.exeiyravbmu
-
Size
1.5MB
-
Sample
220522-gh9tfabhcp
-
MD5
446b9bdfbfe21f14cb22ecec666ff7a8
-
SHA1
bee52647caae69d434aade7a64ad2ee4f50247de
-
SHA256
6666b32f52c7d860404d64bf37bdfbea7f7aa38cb0a12f326c515469551d991f
-
SHA512
beaaf39e78b1a7c2e2a54de03631d2df3d374cff09b9c68bd2c89e80f85e60c6223795e3e59a5d8f7871c41afa54be56994679db736d8ffc823f948b9feecfc2
Static task
static1
Behavioral task
behavioral1
Sample
vbc.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.6
arh2
hstorc.com
blackountry.com
dhrbakery.com
dezhouofit.com
defipayout.xyz
ginas4t.com
byzbh63.xyz
qrcrashview.com
mialibaby.com
enhaut.net
samainnova.com
yashveerresort.com
delfos.online
dungcumay.com
lj-counseling.net
fliptheswitch.pro
padogbitelawyer.com
aticarev.com
sederino.site
bestplansforpets-japan3.life
radicallysimplesupps.com
sandbagmaker.com
misdcf.xyz
nbpz.xyz
floridasunbreaks.com
justfinishesofcolorado.com
homemethtestkit.com
chaquetashapticas.com
zodiactshirt.com
tees.email
zxzx999.com
tempepdf.com
watchusroll.com
parotacenter.com
assistcourse.online
paulstilingroup.com
cnbcfx.com
mooncore.xyz
laplugnation.com
gosti24.com
cthomassolutions.com
rkhubs.com
aboutpier.com
multimediaroomandboard.com
iamparrot.com
wifitest.info
nounworld.com
xpartner.biz
128grandviewdrivenewportnsw.com
bakiin.com
suitcell.com
onehitgamerstudios.com
bathingsuitsshoppingus.com
wingstarifa.com
ccasudqi.com
epiconscious.com
ponponshoes.com
cicom.tech
safetynetinc.net
recanto.xyz
sellsidelite.net
kevmoinesproperties.com
hdwallpaperpics.life
57gznfw.xyz
abtys6.online
Targets
-
-
Target
vbc.exeiyravbmu
-
Size
1.5MB
-
MD5
446b9bdfbfe21f14cb22ecec666ff7a8
-
SHA1
bee52647caae69d434aade7a64ad2ee4f50247de
-
SHA256
6666b32f52c7d860404d64bf37bdfbea7f7aa38cb0a12f326c515469551d991f
-
SHA512
beaaf39e78b1a7c2e2a54de03631d2df3d374cff09b9c68bd2c89e80f85e60c6223795e3e59a5d8f7871c41afa54be56994679db736d8ffc823f948b9feecfc2
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-