General

  • Target

    vbc.exe

  • Size

    269KB

  • Sample

    220621-az9rfahbb3

  • MD5

    5bec1fc847c595a94fbe7efb0695c640

  • SHA1

    9f37ae30983b62b6101e4a0808b7200312005dfe

  • SHA256

    39a3f149c23d6a96537aa6efeeedcd2dacb5d92103c736c115ef37a3054a6aa7

  • SHA512

    c1aebac29e304a48cbbf60079bb0a516740b3acb0c35b88281bdf9ecc9bd1ed4316410b7fe065b44723bbb0cd4c7857f1d147c21a69dd1eccf669f1e3d5a5e78

Malware Config

Extracted

  • Family

    xloader

  • Version

    2.6

  • Campaign

    uu0p

  • Decoy

    easeupp.com
    ffffcc.xyz
    commercialsymposium.com
    bahamascargologistics.com
    avajwelr.xyz
    flipwatch.xyz
    serprobumar.com
    zlasher.store
    zxlsn6.com
    xiaojiaowanwan.com
    hrkpacking.com
    visitprnow.com
    stkjzz.com
    printfusion.net
    blackoakssavannah.com
    yuiseika.com
    watnefarms.com
    oneclickmsp.com
    niu-tou.com
    wholytraffic.com

Targets

    • Target

      vbc.exe

    • Size

      269KB

    • MD5

      5bec1fc847c595a94fbe7efb0695c640

    • SHA1

      9f37ae30983b62b6101e4a0808b7200312005dfe

    • SHA256

      39a3f149c23d6a96537aa6efeeedcd2dacb5d92103c736c115ef37a3054a6aa7

    • SHA512

      c1aebac29e304a48cbbf60079bb0a516740b3acb0c35b88281bdf9ecc9bd1ed4316410b7fe065b44723bbb0cd4c7857f1d147c21a69dd1eccf669f1e3d5a5e78

    • Formbook

      Formbook is a data-stealing (infostealer) malware family.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

    • suricata: ET MALWARE FormBook CnC Checkin (POST) M2

    • Xloader Payload

    • Adds policy Run key to start application

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive profile information.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks