General
-
Target
vbc.exe
-
Size
929KB
-
Sample
230322-l8h6magb96
-
MD5
a2b6815c9698017685973d659c6fa3ba
-
SHA1
711825fd9865c9b1ca177df8301058a96bf7968d
-
SHA256
bcb2ba08e3ef1e2650c2276989c6d12e2277015deee0e4731f7099be07e63788
-
SHA512
3f943ead12ce94547e336ae9ac16b74f37a2f37c1b44180a606c0155faae0b664ec8bfca1a622309ffa3bf202a7bfd81abfd3b06babc6d02efa10f449837d79c
-
SSDEEP
12288:6cNpFJUGzl06/TgTU48e9NyCGTyIkNOmun7ZI/GYLS+bmtHq75JM/GQsqYn:Pzl06MFxyCGTRkNOpFI/fmEaqVJM/By
Static task
static1
Behavioral task
behavioral1
Sample
vbc.exe
Resource
win7-20230220-en
Malware Config
Extracted
formbook
4.1
bk08
Targets
-
-
Target
vbc.exe
-
Formbook payload
-
Deletes itself
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-