General
-
Target
Bank swift.exe
-
Size
594KB
-
Sample
210420-2a8pc378q6
-
MD5
cb045e8eaa8c74a5b79da54d9cb038ea
-
SHA1
d291b57e8a814e02111b0146687dfb09263ab73c
-
SHA256
47031aee7dc67644c841246a50bacd54a31d56603c1305d9966fb56c3b3cb448
-
SHA512
b07ab3643ab4b77829cb89b2c45e0227b018d83050905b7c85bf939f7d99e6e324df3c6aac0700a9622f290ed03d57eb5c864d7778d4ef86537dea443ba49af5
Static task
static1
Behavioral task
behavioral1
Sample
Bank swift.exe
Resource
win7v20210410
Malware Config
Extracted
formbook
4.1
http://www.joomlas123.info/3nop/
bakecakesandmore.com
shenglisuoye.com
chinapopfactory.com
ynlrhd.com
liqourforyou.com
leonqamil.com
meccafon.com
online-marketing-strategie.biz
rbfxi.com
frseyb.info
leyu91.com
hotsmail.today
beepot.tech
dunaemmetmobility.com
sixpenceworkshop.com
incrediblefavorcoaching.com
pofo.info
yanshudaili.com
yellowbrickwedding.com
paintpartyblueprint.com
capricorn1967.com
meucarrapicho.com
41230793.net
yoghurtberry.com
wv0uoagz0yr.biz
yfjbupes.com
mindfulinthemadness.com
deloslifesciences.com
adokristal.com
vandergardetuinmeubelshop.com
janewagtus.com
cloudmorning.com
foresteryt01.com
accident-law-yer.info
divorcerefinance.guru
wenxiban.com
589man.com
rockerdwe.com
duftkerzen.info
igametalent.com
yoursafetraffictoupdates.review
jialingjiangpubu.com
maximscrapbooking.com
20sf.info
shadowlandswitchery.com
pmbnc.info
shoppingdrift.online
potashdragon.com
ubkswmpes.com
064ewj.info
rewsales.com
dealsforyou.tech
ziruixu.com
naehascloud.com
smokvape.faith
sunflowermoonstudio.com
stepgentertainment.com
tawbj.info
besthappybuds.net
koohshoping.com
ajikrentcarsurabaya.com
jkjohnsroofingfl.com
whatsnexttnd.com
yoyodvd.com
Targets
-
-
Target
Bank swift.exe
-
Size
594KB
-
MD5
cb045e8eaa8c74a5b79da54d9cb038ea
-
SHA1
d291b57e8a814e02111b0146687dfb09263ab73c
-
SHA256
47031aee7dc67644c841246a50bacd54a31d56603c1305d9966fb56c3b3cb448
-
SHA512
b07ab3643ab4b77829cb89b2c45e0227b018d83050905b7c85bf939f7d99e6e324df3c6aac0700a9622f290ed03d57eb5c864d7778d4ef86537dea443ba49af5
-
Formbook Payload
-
Adds policy Run key to start application
-
Suspicious use of SetThreadContext
-