General

  • Target

    vbc.exe

  • Size

    871KB

  • Sample

    230319-b5x59sge2w

  • MD5

    13a237b2f7042de8f7585c54d2432b6c

  • SHA1

    a6803950285eb446fc57d9722507816731ec93f6

  • SHA256

    77194b668ce640225df0d876e991d58dc8c08e809474cd21abe5dc030857cb10

  • SHA512

    8a2f0d7b17d59b3d780fb1b870e9e0e624fdd45a13a67cee856b2587c5b744ea211331e982d83126843805fec96003d2b8f8c2364559dbf2c4eaee611ca4dd87

  • SSDEEP

    12288:hzCmBMpjkjXyuaqPMQK4bUyicmpOwKgkf6QktWivF1HxjqQBxK9i/v8:pcjkj+eMYPivO5f5kWSjpqQBxJ0

Score
8/10

Malware Config

Targets

    • Target

      vbc.exe

    • Size

      871KB

    • MD5

      13a237b2f7042de8f7585c54d2432b6c

    • SHA1

      a6803950285eb446fc57d9722507816731ec93f6

    • SHA256

      77194b668ce640225df0d876e991d58dc8c08e809474cd21abe5dc030857cb10

    • SHA512

      8a2f0d7b17d59b3d780fb1b870e9e0e624fdd45a13a67cee856b2587c5b744ea211331e982d83126843805fec96003d2b8f8c2364559dbf2c4eaee611ca4dd87

    • SSDEEP

      12288:hzCmBMpjkjXyuaqPMQK4bUyicmpOwKgkf6QktWivF1HxjqQBxK9i/v8:pcjkj+eMYPivO5f5kWSjpqQBxJ0

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                | Technique                    | Count | ID
  ----------------------|------------------------------|-------|------
  Execution             | Scripting                    | 1     | T1064
  Execution             | Scheduled Task               | 1     | T1053
  Persistence           | Scheduled Task               | 1     | T1053
  Privilege Escalation  | Scheduled Task               | 1     | T1053
  Defense Evasion       | Scripting                    | 1     | T1064
  Defense Evasion       | Modify Registry              | 1     | T1112
  Credential Access     | Credentials in Files         | 1     | T1081
  Discovery             | Query Registry               | 1     | T1012
  Discovery             | System Information Discovery | 2     | T1082
  Collection            | Data from Local System       | 1     | T1005

Tasks