General
Target: Swift File_pdf.exe
Size: 212KB
Sample: 210226-ens7mpmdze
MD5: 5db240ab92ef9f9e14f96816cce4f656
SHA1: 2f9b2f695654dafe3e7383bf5afa71c6277a4917
SHA256: 5be04026087a580dcf1dd996c523a3fea40d5d86f9b7f8596562dec1f7f906c7
SHA512: 30970072756574169b05a1e7161fd8c2e36bea6496051a867c649ed0945c4f0d34ca8ba884f5a1a460737b639ee7f5e58ac53763b7924baa3cdc213d0afdca16
Static task: static1
Behavioral task: behavioral1
Sample: Swift File_pdf.exe
Resource: win7v20201028
Malware Config
Extracted
formbook
http://www.layoutsbox.com/g832/
Targets
Target: Swift File_pdf.exe
Xloader Payload
Deletes itself
Loads dropped DLL
Suspicious use of SetThreadContext