General
Target: swift.exe
Size: 531KB
Sample: 210503-dwg7rqt1y2
MD5: a3aa510eb6f74e8dfc7a8c3bcd0fedf6
SHA1: 286e81ec896f6746a1ca48e59dc6735c25249a37
SHA256: 3f359e1a20563017c2f66a4e01136fbd73a9293ca1ce3df2dd880a94b9eee23e
SHA512: 28c5048dda26762d5859488ef46cc222de632174e35d62e07b05ede307ec35309fd5636b53ba454e26386fb7033a8ae60f3cfe920b075cc1373589b14dfee2aa

Tasks
Static task: static1
Behavioral task: behavioral1 (sample swift.exe, resource win7v20210410)
Malware Config
Extracted family: xloader
Version: 2.3
C2: http://www.jqjdgw.com/ued5/
Additional domains in the config (64):
italiancosmeticbeauty.com
zhima7.com
phresheffect.com
comp-savvy.net
xjhtcaum.com
copperbrassgermkey.com
smero.financial
opticsoptimum.com
pisanosportpraxis.com
pediatricfeedrates.com
binsogleam.com
sarahseatter.com
wywatershed.com
smellyhomeshop.com
naviorchidlife.com
cunerier.com
thecornercomputers.com
brightwoodcollection.com
taxprep-repsolutions.net
phukien4u.net
crezcayemprenda.com
terrasroraima.com
vinkot.com
endthefatblogs.com
nwmicrobefreesolutions.com
chandlerguo.com
pacificedgesunglasses.com
hurrygift.com
felocacasa.com
zoom-sides.com
dovesprinklers.com
caravaggioclothing.com
renchengjixie.com
hfctzdsns.club
sukaa.tech
gurukulmitra.com
thedailyprocrastinator.com
xinxiu.store
woodlanddentalcarefl.com
pyperpay.com
fabularo.com
tvdajiang14.com
ihatesammamish.com
bbluebelttvwdbuy.com
replenish-skin.com
qf577.com
freemoneyfornursingschool.com
lpida.com
schmelzens.com
exuberantemodafeminina.com
babylandclothing.com
designer-dropship.com
sbeconlineacademy.com
homeandcabinwoodsigns.com
cqxiangcida.com
806queen.com
metropolisgrowlers.com
easycremationserviceusa.com
greenpis0n.com
vagasportal.com
hargsgroup.com
hyrerecruiting.com
carlsonwagonlit.sucks
beischabig.com
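The extracted config above is the complete contact list of this sample: one C2 URL with its campaign path (/ued5/) plus 64 further domains. Xloader (the Formbook successor) is known to beacon to the whole list, most of which are legitimate decoy domains, so a host-only block of the full list will hit benign sites, while a request to a config domain carrying the campaign path is a far stronger indicator. The block below, an added example and not part of the sandbox report, turns the config into indicators and scores proxy-log lines against them. The log format and the log lines are constructed; the config values are the ones on this page.

```python
"""Turn the Xloader 2.3 config extracted above into network indicators and
match them against proxy-log lines.  Added example, not part of the sandbox
report; the log format and the log lines are constructed."""
import re
from urllib.parse import urlparse

# Values copied from the extracted config on this page.
XLOADER_C2_URL = "http://www.jqjdgw.com/ued5/"
XLOADER_DOMAINS = """
italiancosmeticbeauty.com zhima7.com phresheffect.com comp-savvy.net xjhtcaum.com
copperbrassgermkey.com smero.financial opticsoptimum.com pisanosportpraxis.com
pediatricfeedrates.com binsogleam.com sarahseatter.com wywatershed.com
smellyhomeshop.com naviorchidlife.com cunerier.com thecornercomputers.com
brightwoodcollection.com taxprep-repsolutions.net phukien4u.net crezcayemprenda.com
terrasroraima.com vinkot.com endthefatblogs.com nwmicrobefreesolutions.com
chandlerguo.com pacificedgesunglasses.com hurrygift.com felocacasa.com zoom-sides.com
dovesprinklers.com caravaggioclothing.com renchengjixie.com hfctzdsns.club sukaa.tech
gurukulmitra.com thedailyprocrastinator.com xinxiu.store woodlanddentalcarefl.com
pyperpay.com fabularo.com tvdajiang14.com ihatesammamish.com bbluebelttvwdbuy.com
replenish-skin.com qf577.com freemoneyfornursingschool.com lpida.com schmelzens.com
exuberantemodafeminina.com babylandclothing.com designer-dropship.com
sbeconlineacademy.com homeandcabinwoodsigns.com cqxiangcida.com 806queen.com
metropolisgrowlers.com easycremationserviceusa.com greenpis0n.com vagasportal.com
hargsgroup.com hyrerecruiting.com carlsonwagonlit.sucks beischabig.com
""".split()


def normalize_host(host):
    """Lower-case, drop a trailing dot and a leading 'www.' so that
    www.jqjdgw.com and jqjdgw.com compare equal."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def build_indicators(c2_url, domains):
    """Split the config into the C2 host, the campaign path and the full host set."""
    parsed = urlparse(c2_url)
    c2_host = normalize_host(parsed.hostname or "")
    return {
        "c2_host": c2_host,
        "c2_path": parsed.path.rstrip("/"),          # "/ued5"
        "config_hosts": {normalize_host(d) for d in domains} | {c2_host},
    }


def classify_request(url, ind):
    """Return a verdict string for one requested URL, or None if unrelated.
    Host+campaign-path on a non-C2 config domain is ranked above host alone,
    because Xloader reuses the same path when it beacons to its decoys."""
    parsed = urlparse(url)
    host = normalize_host(parsed.hostname or "")
    if host not in ind["config_hosts"]:
        return None
    if host == ind["c2_host"]:
        return "xloader-c2"
    if parsed.path.rstrip("/") == ind["c2_path"]:
        return "xloader-config-domain-with-campaign-path"
    return "xloader-config-domain"          # possibly a benign decoy: low confidence


# Constructed proxy-log format: "<timestamp> <client_ip> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def scan_log(lines, ind):
    """Yield (client_ip, url, verdict) for every log line that touches the config."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                         # skip lines that do not fit the format
        verdict = classify_request(m["url"], ind)
        if verdict:
            hits.append((m["client"], m["url"], verdict))
    return hits


# Constructed sample log: one C2 beacon, one decoy beacon with the campaign
# path, one plain visit to a config domain, one unrelated request, one bad line.
SAMPLE_LOG = [
    "2021-05-03T10:00:01Z 10.0.0.5 GET http://www.jqjdgw.com/ued5/?aa=bbb 200",
    "2021-05-03T10:00:02Z 10.0.0.5 POST http://zhima7.com/ued5/ 404",
    "2021-05-03T10:00:03Z 10.0.0.7 GET https://update.example.com/ 200",
    "2021-05-03T10:00:04Z 10.0.0.9 GET http://smero.financial/ 200",
    "not a log line",
]

if __name__ == "__main__":
    indicators = build_indicators(XLOADER_C2_URL, XLOADER_DOMAINS)
    for client, url, verdict in scan_log(SAMPLE_LOG, indicators):
        print(f"{client}\t{verdict}\t{url}")
```

Only the first verdict, traffic to the C2 host itself, is a blocking-grade indicator on its own; the other two are hunting leads, and a single client that hits several config domains in a short window is the pattern to alert on.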
Targets
Target: swift.exe (531KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures:
Xloader Payload
Suspicious use of SetThreadContext (SetThreadContext on a thread of another process is the thread-hijacking step of process hollowing and similar injection, consistent with the Xloader payload running inside an injected process)