General
Target: vbc.exe
Size: 507KB
Sample: 220621-rs5btagde6
MD5: ec674714ea9fceaeb27e6ff8254cc6cf
SHA1: 2765073f8de6ae7ac1a2fe30cd5fb6b1621de87e
SHA256: d255d1164f43fdf64d7483924dc20bb80bb263cdf25248bba4a319f5e60ae051
SHA512: 6586eefa19cdc71f8ded018161406e7e76f56a897bb5a294dd5af7b938d7d671f51e23692ffa30a84cbd8a87568d8b5ee3a9a672432b815786a8ceff91b388ba
Static task: static1
Behavioral task: behavioral1
Sample: vbc.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: xloader
Version: 2.8
Campaign: g36t
evolutionitsystems.com
Targets
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext