General
Target: Swift Copy.exe
Size: 862KB
Sample: 210115-cxxraxkk8x
MD5: d9f053e22a958a4a680bb3793aeedc45
SHA1: 7a534201eec5c748471411c159fbabd5696be470
SHA256: aaf7cb6e80034a3fcf68ea50696962f7b5837bea089f9193070165f6a3f602c3
SHA512: 07b999319bbc2fab211cc85b9ec0b56d71224152564d338ba0fb6b2ba81336c8409fcec0f97b22182c54d2d4eec672cf8271a68ddd3b4f4874c76192cbb5e434
Static task: static1
Behavioral task: behavioral1
Sample: Swift Copy.exe
Resource: win7v20201028
Malware Config
Extracted
lokibot
http://51.195.53.221/p.php/cfOoZYb0LXPms
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
Swift Copy.exe
Suspicious use of SetThreadContext