General
Target: SWIFT MT103_Pdf.exe
Size: 652KB
Sample: 210907-ttxpgagbdp
MD5: bde47c8cf36ec091efbf5891096efa05
SHA1: 98fff03b63be37a6e2772fc62cb933361f615f4f
SHA256: c4fbb69a5b90c147f3c92ef7dd08f18d1a8dede5a347ea788160a76bcd6aa44e
SHA512: 30297d5b9d15b5196791843eb45d1895ed9d2d38b1157a15bf3f0c6d769355c8c901e9f04d943d26f191b5cde7ec6305842aaf9207426406a8b89036d2dd8c04
Static task: static1
Behavioral task: behavioral1
Sample: SWIFT MT103_Pdf.exe
Resource: win7-en
Malware Config
Extracted
xloader
2.3
u86g
http://www.99356a.com/u86g/
suricata: ET MALWARE FormBook CnC Checkin (GET)
Xloader Payload
Suspicious use of SetThreadContext