General
-
Target
SWIFT 00395_IMG.exe
-
Size
13.4MB
-
Sample
210504-z2m1qsqxr6
-
MD5
f19e6012ff248b9b380bb420080258ce
-
SHA1
317ee43a8116aae39f3de3279620ecff4ac05b2c
-
SHA256
069a900aaa6ab5e4b9279cf5bd47e7123c37787f87ac58d6e64383685371ba52
-
SHA512
ad555d5a6bbd753825fba4a4665b4774d88f4011f3c7c6a2c0084fd40e59d66d2880b4a390cc8a172e51b67f8198d0fa481a981c916025f1642ace15c5ab1cdf
Static task
static1
Behavioral task
behavioral1
Sample
SWIFT 00395_IMG.exe
Resource
win7v20210408
Malware Config
Extracted
xloader
2.3
http://www.seroungift.com/bbqo/
Targets
-
-
Target
SWIFT 00395_IMG.exe
-
Xloader Payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-