vbc.exe

General

Target vbc.exe
Size 757KB
Sample 220623-sjfgrsgdd3
Score 10/10
MD5 1f65d7826fbcc2d6c50f6c493c901588
SHA1 4290f6b300595e807e8cacd5ff172b0a0f37c845
SHA256 d0c85ba5e6d88e1e0b5f068f125829b4e224b90be2488f2c21317447dc51fb9e
SHA512 e3c15d0229433441300b4e129748c10e966de22c926d641b665a91caf7c371a390004abc24d953a80887be4a791514e1670cb0e8723d6a19ffa5210cd9124f5a

Malware Config

Extracted

Family xloader
Version 2.9
Campaign v4qp
Decoy

je1XQKU1LfJPVLk=

nvf41a7FsTLs6uB/g+CR

U7mryF6DctZn6GEjr9Bm4g==

1SONGrPdh7wGEOXp3g==

2xX859r7qOFq7GYkr9Bm4g==

IYtzVUx0Oo0HmZawLQAARDvBf4dL

NH3iuBPNSzZTvpw/4KaG

rDehfiqIPbdMBS8G1g==

xhb2uJ0eBwo7k3djqxh60xoNt4VoeQ==

AFtKux3JgPGRkx3xUsciR6piSg==

m+3VoJadWcBvOAPpzKUNPoAxyplS

1DWKULdka3mxIKhEqGxQr7gxyplS

DGlFGBqWi5CtrCX9alyTuPzq

muvVM4slyTfxORwAZisVksCM78aSEVo=

D3biNgUbyg9E5pl+

/+1QLPssvl/Xxg==

I4lzTjaAcc1iBS8G1g==

wSwc4MmbShojhlZCrniTuPzq

jN5YO6ZXSfJPVLk=

4TUS4+ANuqHCRTM9sniTuPzq

7Ssfd9ru/HPzWMZ42Z+E

TJl+UkzTsY6g86lyegOU3gw=

0juvfNqRgmJwwpc/4KaG

WJuGVDdhQj1Ux5s/4KaG

FHdjPTRtZc1rPwr8zUQfXogxyplS

1yUI9+gAwMPuYMWALzWc+w==

CW1UNSZVQKAlmQep/XYDYGot8HZX30M=

vRqFbt1zJfH304GOeAOU3gw=

P5CIQS65moOingakeAOU3gw=

d9dBqqBI+vgR0Q==

1zElifgR7DjBQhEgnWqTuPzq

Z60BYmHr5eHr4qiedQOU3gw=

HWU4MRo7NYMKvenJppIKPWxeSQ==

e3BN71BTWfJPVLk=

wy7WdMhKC6ZIBS8G1g==

XquYfmaLfMtjMdvi0UJCve3YPQ9/3VBp

KZGA1zHJgWB5XAUCtW5auQQ=

xiMia8hyQfJPVLk=

fs3InobYUU1v

g/FWtqk8QVV2fvykeAOU3gw=

Gk0rieTkzD/cYMxmtQij4wb9

sQ92QpZSTOWOi15IKJWeEYMaENE=

DmfkxD7hjeFXBS8G1g==

AF/WMxGNm+1qwhvu59Ziy96hOpN/3VBp

mPxzMqdFvl/Xxg==

wbYTecjCf2dE5pl+

bM22jGRvLWbm3dd/g+CR

3T4iifwiBwdGDun0r9Bm4g==

hd/Zp4qeQhkDA7I+sXVavwQ=

Y6UNZTVzVVVE5pl+

Targets

Target vbc.exe
MD5 1f65d7826fbcc2d6c50f6c493c901588
Filesize 757KB
Score 10/10
SHA1 4290f6b300595e807e8cacd5ff172b0a0f37c845
SHA256 d0c85ba5e6d88e1e0b5f068f125829b4e224b90be2488f2c21317447dc51fb9e
SHA512 e3c15d0229433441300b4e129748c10e966de22c926d641b665a91caf7c371a390004abc24d953a80887be4a791514e1670cb0e8723d6a19ffa5210cd9124f5a

Signatures

  • Formbook

    Description

    Formbook is a data-stealing malware family.

  • Xloader

    Description

    Xloader is a rebranded version of Formbook malware.

  • suricata: ET MALWARE FormBook CnC Checkin (GET)

  • suricata: ET MALWARE FormBook CnC Checkin (POST) M2

  • Xloader Payload

  • Adds policy Run key to start application

    TTPs

    Registry Run Keys / Startup Folder
    Modify Registry

  • Executes dropped EXE

  • Checks computer location settings

    Description

    Looks up the country code configured in the registry, likely as a geofence check.

    TTPs

    Query Registry
    System Information Discovery

  • Deletes itself

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    TTPs

    Data from Local System
    Credentials in Files

  • Uses the VBS compiler for execution

    TTPs

    Scripting

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder
    Modify Registry

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation