General
-
Target
vbc.exe
-
Size
934KB
-
Sample
221126-zjg4xsgc9v
-
MD5
444e92ce2d99f78435cc4357f146193c
-
SHA1
fd31840e971170556f3731965b226784bc896416
-
SHA256
0962d318f1cf7b3f98240a0bca0c2cd2b9d931b7daeebb7e3957f60a68e4a4cd
-
SHA512
294e0d0cd58c50f1bf642b031c1857bc7fae00194a1135a9d5aa234e56fa55a0b82d2755b98a58dc1e4d1310cf555805cb0900cde2826a48e735591a5b0e754d
-
SSDEEP
24576:aM+L74mBfNUstzooe/abyofZnbrFKThQQYAMB/C3r8JN:Z/abJrFqnYAMAI
Static task
static1
Malware Config
Extracted
formbook
pp14
96uCxeCMKh6g6SZ8
PdaMqgUpFicVDUjoSA==
zvepxwzr55Q=
3oMyd5GPXs7G+zJ0
dPyeXJlGZ8qN
hyXv/m14WzerZqV60JkjLg==
Dsuw8nKBZVGMvs7YvNE=
bRgERMHOlIExCW4=
LcGAquTzzX3C+3k=
AqVgic3GpXl1U8fJppt8Akfy
GbKInrcZ3aKhgZumCtM=
kUAwhBdMLRTBcMH3zQ+t26/dvRnvtQ==
5W5AvLNGZ8qN
Weuz0R5Bgka7CQ==
Kr+D2aolbJJOY93WutE=
lTkLF2FvPwIA5VFe9MPew8C24Mc=
ulcKFdJNl9jG+zJ0
NO3uBYm3j4ExCW4=
wGUnT2mMjYExCW4=
4a2cvxAbBRkPGnM=
r0QYmW0jphzSS6H40Jt8Akfy
9YdBXft4r8QSFz+OH9k=
5Yhoir/Y8VHgKkriSQ==
t0gOFOV9CPd80UMObDJZulk=
bg/bF9c5gc3G+zJ0
SOGx9XiTd4pQ+TILZeQ3mEc=
U3wpV0vvgka7CQ==
Quuv19nUtUtHJJngzR6v9zeZZoPQ
u2MMip+ZTNKT
uoF0rnVVS0vGV3s/meyVGm7d0lgUKPpUBA==
aiUUFVuWl1SMeZsh+crr
YhXbCp0hw6UgX7J60JkjLg==
BMKi2Zwae70xk+nz/8Pj
35yDqS+j2J6aST+OH9k=
33w+qXNuQsLG+zJ0
zmUoXxQK01kZqwVIFFppbLNhrsY=
+n1Ce4mRi4ExCW4=
Ibd437vi36Lf6Sa30JkjLg==
by0IJaC1joExCW4=
XO+y4aI6m57RKkriSQ==
TeWr4KU9kX+22zbQ7LRFOQ==
Eb7BAVB7kgXG+zJ0
RvnnBSVeUd/PxTAGZOQ3mEc=
lD44WFtGZ8qN
2QGCFBrK70zbEQ==
kklBZzR/h4fD3UYELCJVOQ==
xEsMJclYxx/GZ7XOLCJVOQ==
C51rd3EdoSPfhfXz/8Pj
FZFmnseJBVffKkriSQ==
p2pYVFlGZ8qN
64xanC9jVDN5hshX+sE=
2o9egJe0pVRFGj+OH9k=
1nE9V6CmoZfbMmR3Fts=
ILp1a7Xc59YMFz+OH9k=
Veqswwjd2aHVBQ==
oSv4OVNQFZeRTT+OH9k=
RgHh5bBRAU/cKkriSQ==
lzn0PkPhYg+B9jN2
DaN8mp+jiSbwjffz/8Pj
BtO3zeMA85iWTT+OH9k=
URP362DTHCifKkriSQ==
pEcHJYK8vb8DHH41jeyBmN4CexNuvQ==
oUD6FGF9bkZvZKh+0JkjLg==
qjkFYbq9hyTgbbd3XTExLUjs
escortsforme.com
Extracted
xloader
3.Æ…
pp14
96uCxeCMKh6g6SZ8
PdaMqgUpFicVDUjoSA==
zvepxwzr55Q=
3oMyd5GPXs7G+zJ0
dPyeXJlGZ8qN
hyXv/m14WzerZqV60JkjLg==
Dsuw8nKBZVGMvs7YvNE=
bRgERMHOlIExCW4=
LcGAquTzzX3C+3k=
AqVgic3GpXl1U8fJppt8Akfy
GbKInrcZ3aKhgZumCtM=
kUAwhBdMLRTBcMH3zQ+t26/dvRnvtQ==
5W5AvLNGZ8qN
Weuz0R5Bgka7CQ==
Kr+D2aolbJJOY93WutE=
lTkLF2FvPwIA5VFe9MPew8C24Mc=
ulcKFdJNl9jG+zJ0
NO3uBYm3j4ExCW4=
wGUnT2mMjYExCW4=
4a2cvxAbBRkPGnM=
r0QYmW0jphzSS6H40Jt8Akfy
9YdBXft4r8QSFz+OH9k=
5Yhoir/Y8VHgKkriSQ==
t0gOFOV9CPd80UMObDJZulk=
bg/bF9c5gc3G+zJ0
SOGx9XiTd4pQ+TILZeQ3mEc=
U3wpV0vvgka7CQ==
Quuv19nUtUtHJJngzR6v9zeZZoPQ
u2MMip+ZTNKT
uoF0rnVVS0vGV3s/meyVGm7d0lgUKPpUBA==
aiUUFVuWl1SMeZsh+crr
YhXbCp0hw6UgX7J60JkjLg==
BMKi2Zwae70xk+nz/8Pj
35yDqS+j2J6aST+OH9k=
33w+qXNuQsLG+zJ0
zmUoXxQK01kZqwVIFFppbLNhrsY=
+n1Ce4mRi4ExCW4=
Ibd437vi36Lf6Sa30JkjLg==
by0IJaC1joExCW4=
XO+y4aI6m57RKkriSQ==
TeWr4KU9kX+22zbQ7LRFOQ==
Eb7BAVB7kgXG+zJ0
RvnnBSVeUd/PxTAGZOQ3mEc=
lD44WFtGZ8qN
2QGCFBrK70zbEQ==
kklBZzR/h4fD3UYELCJVOQ==
xEsMJclYxx/GZ7XOLCJVOQ==
C51rd3EdoSPfhfXz/8Pj
FZFmnseJBVffKkriSQ==
p2pYVFlGZ8qN
64xanC9jVDN5hshX+sE=
2o9egJe0pVRFGj+OH9k=
1nE9V6CmoZfbMmR3Fts=
ILp1a7Xc59YMFz+OH9k=
Veqswwjd2aHVBQ==
oSv4OVNQFZeRTT+OH9k=
RgHh5bBRAU/cKkriSQ==
lzn0PkPhYg+B9jN2
DaN8mp+jiSbwjffz/8Pj
BtO3zeMA85iWTT+OH9k=
URP362DTHCifKkriSQ==
pEcHJYK8vb8DHH41jeyBmN4CexNuvQ==
oUD6FGF9bkZvZKh+0JkjLg==
qjkFYbq9hyTgbbd3XTExLUjs
escortsforme.com
Targets
-
-
Target
vbc.exe
-
Size
934KB
-
MD5
444e92ce2d99f78435cc4357f146193c
-
SHA1
fd31840e971170556f3731965b226784bc896416
-
SHA256
0962d318f1cf7b3f98240a0bca0c2cd2b9d931b7daeebb7e3957f60a68e4a4cd
-
SHA512
294e0d0cd58c50f1bf642b031c1857bc7fae00194a1135a9d5aa234e56fa55a0b82d2755b98a58dc1e4d1310cf555805cb0900cde2826a48e735591a5b0e754d
-
SSDEEP
24576:aM+L74mBfNUstzooe/abyofZnbrFKThQQYAMB/C3r8JN:Z/abJrFqnYAMAI
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing (the sample decides whether to run based on the victim's locale).
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-
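The signature list above is the part of the report a responder actually acts on, so here is an added example (not code from the report or from the sandbox vendor) that replays a constructed API-call trace through rules for three of the flagged behaviours: the registry geofence lookup, a network request from a blocklisted process, and the CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext -> ResumeThread chain behind the "Suspicious use of SetThreadContext" hit. The trace format, the registry value checked (HKCU\Control Panel\International\Geo\Nation or ...\Locale), the blocklisted image names and the network API names are all assumptions for the example; they are not how the sandbox implements its signatures, and the only value taken from the report is the escortsforme.com host.

```python
"""Replay a constructed sandbox API trace through a few behaviour rules.

Assumptions (not from the report): trace lines are "pid|image|api|argument",
CreateProcess lines carry "flags=0x.. child=<pid>", and the injection APIs
carry "pid=<target>".
"""
import re

# Constructed trace for this example; it is not sandbox output. Lines 1-6
# model the report's flagged behaviours, lines 7-8 are benign noise.
SAMPLE_TRACE = r"""
1200|vbc.exe|RegQueryValueExW|HKCU\Control Panel\International\Geo\Nation
1200|vbc.exe|getaddrinfo|escortsforme.com
1200|vbc.exe|CreateProcessW|explorer.exe flags=0x4 child=1324
1200|vbc.exe|WriteProcessMemory|pid=1324
1200|vbc.exe|SetThreadContext|pid=1324
1200|vbc.exe|ResumeThread|pid=1324
1324|explorer.exe|InternetConnectW|escortsforme.com:80
2000|notepad.exe|RegQueryValueExW|HKCU\Software\Microsoft\Notepad\fWrap
"""

# Assumed tunables: LOLBins that should never talk to the network, APIs that
# count as network activity, and the registry values used for geofencing.
BLOCKLISTED_IMAGES = {"vbc.exe", "msbuild.exe", "regasm.exe", "regsvcs.exe"}
NETWORK_APIS = {"getaddrinfo", "GetAddrInfoW", "InternetConnectW", "WSAConnect", "connect"}
GEO_VALUE = re.compile(r"control panel\\international\\(geo\\nation|locale)$", re.I)
CREATE_SUSPENDED = 0x4
HOLLOW_STEPS = {"WriteProcessMemory", "SetThreadContext", "ResumeThread"}


def parse_trace(text):
    """Turn the pipe-separated trace into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, image, api, arg = line.split("|", 3)
        events.append({"pid": int(pid), "image": image.lower(), "api": api, "arg": arg})
    return events


def _int_field(arg, name, base=10, default=None):
    m = re.search(rf"{name}=(0x[0-9a-fA-F]+|\d+)", arg)
    return int(m.group(1), 0) if m else default


def detect(events):
    """Return (signature, pid, detail) tuples for every rule that fires."""
    hits = []
    # (parent pid, child pid) -> injection steps seen so far, only for
    # children that were created suspended.
    chains = {}
    for ev in events:
        if ev["api"].startswith("RegQueryValueEx") and GEO_VALUE.search(ev["arg"]):
            hits.append(("Checks computer location settings", ev["pid"], ev["arg"]))
        if ev["api"] in NETWORK_APIS and ev["image"] in BLOCKLISTED_IMAGES:
            hits.append(("Blocklisted process makes network request", ev["pid"], ev["arg"]))
        if ev["api"].startswith("CreateProcess"):
            flags = _int_field(ev["arg"], "flags", default=0)
            child = _int_field(ev["arg"], "child")
            if child is not None and flags & CREATE_SUSPENDED:
                chains[(ev["pid"], child)] = set()
        elif ev["api"] in HOLLOW_STEPS:
            target = _int_field(ev["arg"], "pid")
            key = (ev["pid"], target)
            if key in chains:
                chains[key].add(ev["api"])
                if chains[key] == HOLLOW_STEPS:
                    hits.append(("Suspicious use of SetThreadContext", ev["pid"],
                                 f"hollowed suspended child pid {target}"))
    return hits


def summarize(text):
    """Sorted, de-duplicated signature names for a trace."""
    return sorted({sig for sig, _, _ in detect(parse_trace(text))})


if __name__ == "__main__":
    for sig, pid, detail in detect(parse_trace(SAMPLE_TRACE)):
        print(f"[{pid}] {sig}: {detail}")
```

The hollowing rule deliberately requires all three post-creation steps against a child that was created suspended; a lone SetThreadContext (debuggers and some installers do it) should not page anyone, while the full chain from vbc.exe into explorer.exe is exactly the Formbook/XLoader injection pattern this report records.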