General

Target: Swift Copy.exe
Size: 973KB
Sample: 211021-22t8babggk
MD5: 52949c01157ca2caa06fb7f5004b4c34
SHA1: 1662ff2d63f195b1f467c165df711f55985aa850
SHA256: bdf2c781518f78b8b1bbd888a03b0a1ae32d598e2abe57e21dbcdefd5dacdaa0
SHA512: 73a78d4dfbb936b8b3524b45d3789cecd792a4a20c6c93215b82c5b8c99a3c092d94b3b8c685fc090208bee98c68606c1879eb854e018b6607d95ff53b901fc0
Static task: static1
Behavioral task: behavioral1 (sample: Swift Copy.exe, resource: win7-en-20211014)
Malware Config

Extracted: xloader
Version: 2.5
Campaign ID: bsz6
C2: http://www.hosotructiep.online/bsz6/
Domains:
rn-interior.com
padimo40.com
original-photos.com
gigacode.club
sacarwrap.com
daphne1.com
studyabroadway.com
caddonline.com
medicareadvplans.net
keyuhair.com
ethenea-paris.com
hungryhollow.farm
hirdavatgezegeni.com
biotransmitter.com
vrikshamfinance.com
holzhafen-bodensee.com
houseofbegums.com
dream-mart.tech
csitexas.biz
kitchenalamode.xyz
elmosky.net
redpipedown.net
yourvetnurse.com
metaverseseven.com
article2u.com
platinumcapital.biz
compromissodeamor.com
huostuoot611.com
unvaccinatedrights.com
tess-factor.net
jeeaner.com
beastnut.com
kinume.com
aireshbhat.com
b52fashion.com
tarssame.com
brickovenbarbeque.com
newjourneypro.com
niannujiao.net
ss1258.com
cockblocker.biz
retrowhimsy.online
nationwidewine.online
wulkan-slots.online
modernleadersacademy.com
allmoves.net
kepalabergetartv2.com
nftclocker.com
maschinenkrieger.com
anmroofings.com
dolomitapizzeria.com
torg-penza.online
mediumjodya.com
proyectohaciendohistoria.com
connectszn.com
nudgepaywalls.com
stamping.digital
auricove.com
top7z.com
beputis4.com
freegamesel.net
empiric.academy
golaveg.com
fcogstj.com
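As an added example (not part of the sandbox report or the Xloader sample itself), the script below parses the extracted config block above into structured indicators and matches constructed proxy-log lines against them. It assumes the field order the report prints (family, version, campaign ID, C2 URL, then the domain list), cross-checks the campaign ID against the C2 path (the report shows it ending in /bsz6/), and assumes a space-separated log format of timestamp, client, method and URL; only the first few config domains are embedded to keep the block short, and the log lines are constructed.

```python
"""Added example (not part of the sandbox report): parse the extracted
Xloader config block above into structured IOCs and match constructed
proxy-log lines against them."""
import re
from urllib.parse import urlparse

# Config block copied from the report. Only the first few domains are
# included here to keep the example short; the full list parses identically.
CONFIG_TEXT = """
xloader
2.5
bsz6
http://www.hosotructiep.online/bsz6/
rn-interior.com
padimo40.com
original-photos.com
gigacode.club
"""

# Hostname sanity check: dotted labels of letters/digits/hyphens, no leading
# or trailing hyphen in a label, alphabetic TLD.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)([a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}$", re.I
)


def parse_config(text: str) -> dict:
    """Turn the flat config dump into a dict.

    Field order (family, version, campaign ID, C2 URL, then domains) is
    assumed from how the sandbox prints the xloader config; the campaign ID
    is cross-checked against the C2 URL path.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 4:
        raise ValueError("config block too short")
    family, version, campaign, c2_url = lines[:4]
    domains = lines[4:]

    c2 = urlparse(c2_url)
    if c2.scheme not in ("http", "https") or not c2.hostname:
        raise ValueError(f"C2 is not an http(s) URL: {c2_url!r}")
    if f"/{campaign}/" not in c2.path:
        raise ValueError("campaign ID does not appear in C2 path")

    bad = [d for d in domains if not DOMAIN_RE.match(d)]
    if bad:
        raise ValueError(f"malformed domains in config: {bad}")

    return {
        "family": family,
        "version": version,
        "campaign": campaign,
        "c2_url": c2_url,
        "c2_host": c2.hostname.lower(),
        "c2_path": c2.path,
        "domains": sorted({d.lower() for d in domains}),
    }


def match_log(config: dict, log_lines) -> list:
    """Return (line, reason) for each log line whose host is the C2 host
    under the campaign path, or one of the config domains (or a subdomain).

    Assumed log format: '<timestamp> <client> <method> <url>'.
    """
    hits = []
    domains = set(config["domains"])
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        url = urlparse(parts[3])
        host = (url.hostname or "").lower()
        if host == config["c2_host"] and url.path.startswith(config["c2_path"]):
            hits.append((line, "c2-checkin-path"))
        elif host in domains or any(host.endswith("." + d) for d in domains):
            hits.append((line, "config-domain"))
    return hits


# Constructed log lines (not from the report): one request to the C2 path,
# one to a config domain, one unrelated host that must not match.
SAMPLE_LOG = [
    "2021-10-21T22:31:05Z 10.0.0.7 GET http://www.hosotructiep.online/bsz6/",
    "2021-10-21T22:31:09Z 10.0.0.7 GET http://padimo40.com/",
    "2021-10-21T22:31:12Z 10.0.0.7 GET http://example.com/index.html",
]

if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(cfg)
    for line, why in match_log(cfg, SAMPLE_LOG):
        print(why, line)
```

The C2 match requires both the host and the campaign path so that unrelated traffic to the same shared host does not fire; the domain match is deliberately looser (host or subdomain) because the config's domain list is only useful as a blocklist if it catches every label beneath it.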
Targets

Target: Swift Copy.exe
Size: 973KB
MD5: 52949c01157ca2caa06fb7f5004b4c34
SHA1: 1662ff2d63f195b1f467c165df711f55985aa850
SHA256: bdf2c781518f78b8b1bbd888a03b0a1ae32d598e2abe57e21dbcdefd5dacdaa0
SHA512: 73a78d4dfbb936b8b3524b45d3789cecd792a4a20c6c93215b82c5b8c99a3c092d94b3b8c685fc090208bee98c68606c1879eb854e018b6607d95ff53b901fc0
suricata: ET MALWARE FormBook CnC Checkin (GET)
Signatures

Xloader Payload
Adds Run key to start application
Suspicious use of SetThreadContext