Overview

overview

10

Static

static

vbc(1).exe

windows7-x64

10

vbc(1).exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vbc(1).exe

  • Size

    304KB

  • Sample

    221123-kq5fgach3s

  • MD5

    60d9730a7f59ab1fd59f0714ef881b06

  • SHA1

    ca8d63135460836a001a38b50c28eae975a2a36c

  • SHA256

    697864448562120dd68a9b3a4c36f294292626999e3c80d3217206544e3f91b1

  • SHA512

    ef6c2bb3fcb705da66416bee8191c9ec7f8992aef9bc5bc108742f15cfc132d2887062e3a85977b0ae005ea8796fb3670517da834534107454957209a851bac4

  • SSDEEP

    6144:U5SuupRIxrjvwT97hu1nbuTnFlzFeVuQqJa64BUR3XR0Ah0eZXBp6bS0fhr8w:UghhwbuTFlzF0uQqCidR0AJrcS0fhr8w

Score
10/10
formbookxloaderpgntloaderratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

pgnt

Decoy

0WG18LbM4lR9iqMRa4nlBzTb

jcfGYzPgZTqFZVO9FV2yIw==

laIfrdSC8/4CNg==

Q73ilev5GIWuOrAAFV2yIw==

Q2u/pMw7pv4sPA==

TbqvIUHwlQscPo0HFV2yIw==

8PNWfGPyE8n0IQ==

WtgROxXzvY2L

PryaRBNjm4eP

Y9Hdi06Cry1um9Sj68YAu1o=

3Gulyp7CMQtR78jvLkk=

JJ3GasTVTCRQT6Tfz6S6GlI=

RnS42bhb9tI0R6UpD6wOxriNxw==

he1mi2sOGfzTRGHnuA==

eaYjCtjxVjdU5XLRtBMBLKk9quA=

k9rTeEqYzzw8WaTfz6S6GlI=

5luVQwe2vJWKEAiMdF4=

MGW14L9OVk5Y5TaR6w/DqdhYxXVY

mAsYz6k6sQkDC0/DoHj9t1RPWLSgFQ==

y5klhuMbE8n0IQ==

Extracted

Family

xloader

Version

3.�E

Campaign

pgnt

Decoy

0WG18LbM4lR9iqMRa4nlBzTb

jcfGYzPgZTqFZVO9FV2yIw==

laIfrdSC8/4CNg==

Q73ilev5GIWuOrAAFV2yIw==

Q2u/pMw7pv4sPA==

TbqvIUHwlQscPo0HFV2yIw==

8PNWfGPyE8n0IQ==

WtgROxXzvY2L

PryaRBNjm4eP

Y9Hdi06Cry1um9Sj68YAu1o=

3Gulyp7CMQtR78jvLkk=

JJ3GasTVTCRQT6Tfz6S6GlI=

RnS42bhb9tI0R6UpD6wOxriNxw==

he1mi2sOGfzTRGHnuA==

eaYjCtjxVjdU5XLRtBMBLKk9quA=

k9rTeEqYzzw8WaTfz6S6GlI=

5luVQwe2vJWKEAiMdF4=

MGW14L9OVk5Y5TaR6w/DqdhYxXVY

mAsYz6k6sQkDC0/DoHj9t1RPWLSgFQ==

y5klhuMbE8n0IQ==

Targets

    • Target

      vbc(1).exe

    • Size

      304KB

    • MD5

      60d9730a7f59ab1fd59f0714ef881b06

    • SHA1

      ca8d63135460836a001a38b50c28eae975a2a36c

    • SHA256

      697864448562120dd68a9b3a4c36f294292626999e3c80d3217206544e3f91b1

    • SHA512

      ef6c2bb3fcb705da66416bee8191c9ec7f8992aef9bc5bc108742f15cfc132d2887062e3a85977b0ae005ea8796fb3670517da834534107454957209a851bac4

    • SSDEEP

      6144:U5SuupRIxrjvwT97hu1nbuTnFlzFeVuQqJa64BUR3XR0Ah0eZXBp6bS0fhr8w:UghhwbuTFlzF0uQqCidR0AJrcS0fhr8w

    Score
    10/10
    formbookxloaderpgntloaderratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks