General
Target: swift.05fd90a7-b0d0-49e8-9d15.exe
Size: 1.1MB
Sample: 210119-49cexcgd4e
MD5: b8d1d81917069e3cdf34088836efe9c0
SHA1: b7161586fa8437a6bdf0d3a15c831d35b0f0e262
SHA256: e79083b58aae06c0413f65d3979fcad177112e4f49ef3568d0b52392b07ff720
SHA512: e116f728f36e09cd325a8617668d434db555cffa4282dba96591afa974f4c79bb0385922677eb67945c98b3508648397b1af16041388c7224cb1ebbf9a7f5e72
Static task: static1
Behavioral task: behavioral1
Sample: swift.05fd90a7-b0d0-49e8-9d15.exe
Resource: win7v20201028
Malware Config
Extracted: formbook
Targets
Target: swift.05fd90a7-b0d0-49e8-9d15.exe
Xloader Payload
Suspicious use of SetThreadContext