General
-
Target
USD980950_Swift.exe
-
Size
1.3MB
-
Sample
210726-jyspewdw8e
-
MD5
0e2f9d545ac87b4e9762ca50e2bf15ab
-
SHA1
f4678bb9036c097dfe4bff4794de64eb39c369c4
-
SHA256
fabf4628b3813230d81f4c1a4991a0fe21550362177dd7b451e80c6a839b6814
-
SHA512
86cca0ab67312068c408aee261b372c933b71dc85d51df9e11e9eb5c398e1b0353d0f897e6ba8f72048783485421075805c25c64e767d49d00f26f99ad79c07c
Static task
static1
Behavioral task
behavioral1
Sample
USD980950_Swift.exe
Resource
win7v20210408
Malware Config
Extracted
xloader
2.3
http://www.bodymoisturizer.online/q4kr/
realmodapk.com
hanoharuka.com
shivalikspiritualproducts.com
womenshealthclinincagra.com
racketpark.com
startuporig.com
azkachinas.com
klanblog.com
linuxradio.tools
siteoficial-liquida.com
glsbuyer.com
bestdeez.com
teens2cash.com
valleyviewconstruct.com
myfortniteskins.com
cambecare.com
csec2011.com
idookap.com
warmwallsrecords.com
smartmirror.one
alertreels.com
oiop.online
61cratoslot.com
hispanicassoclv.com
pennyforyourprep.com
fayansistanbul.com
superbartendergigs.club
herr-nourimann.com
oatkc.net
romahony.com
sportcrea.com
crystalnieblas.com
lcmet.com
nwaymyatthu-mm.com
edsufferen.club
apispotlight.com
shadowcatrecording.com
capwisefin.com
themesinsider.com
kadrisells.com
db-82.com
rentyoursubmarine.com
rin-ronshop.com
donzfamilia.com
loyalcollegeofart.com
socialize.site
shadesailstructure.com
smcenterbiz.com
zcdonghua.com
1420radiolider.com
ckenpo.com
trucksitasa.com
getthistle.com
usvisanicaragua.com
josiemaxwrites.com
dehaagennutraceuticals.com
noiaapp.com
blinbins.com
getreitive.com
turmericbar.com
manifestwealthrightnow.com
garagekuhn.com
longviewfinancialadvisor.com
hallworthcapital.com
Targets
-
-
Target
USD980950_Swift.exe
-
Size
1.3MB
-
MD5
0e2f9d545ac87b4e9762ca50e2bf15ab
-
SHA1
f4678bb9036c097dfe4bff4794de64eb39c369c4
-
SHA256
fabf4628b3813230d81f4c1a4991a0fe21550362177dd7b451e80c6a839b6814
-
SHA512
86cca0ab67312068c408aee261b372c933b71dc85d51df9e11e9eb5c398e1b0353d0f897e6ba8f72048783485421075805c25c64e767d49d00f26f99ad79c07c
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Xloader Payload
-
Suspicious use of SetThreadContext
-