General
- Target: vbc.bin (1).zip
- Size: 232KB
- Sample: 220622-m97faaffa6
- MD5: b555b0ee7fbc127284f457e942a86dd3
- SHA1: f7e56aefbf7d77782a447c28713ff6702948ba35
- SHA256: 3415bf9691f4ab28096a930ff8992ce67e8eff44c9d44f7f626e7a87194e6072
- SHA512: c6266c4317e69adbfb15032656a955f7206bb45a1abb9a709bc362a5dbf77fd71bc0546f1ce00863b7cbf98d98a13aa915a63d6efb8cac6afc6e4974e8585398
Static task: static1
Behavioral task: behavioral1
- Sample: vbc.exe
- Resource: win7-20220414-en
Malware Config
Extracted
xloader
2.6
vweq
Targets
- Target: vbc.bin
- Size: 273KB
- MD5: c52ecabaed16aba5fac89d694e7508dc
- SHA1: 492c8828a332dbcc0f68d5ee5b17d9ae994b48c4
- SHA256: 276c6876c250e5ebfd761d05937f5a48f7e4c9a6851293a77ab9bf683c8bbf80
- SHA512: e8ab6c6c0388f879ba9b2a5628ba1d21b2a21c4c4d99dde017596e8107e5a439b840bc4e751e1af6444fd56046d7a567363aa1edb19d8094329c4324147d777f
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- Xloader Payload
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext