General
-
Target
notificación bancaria SWift.exe.xz
-
Size
344KB
-
Sample
211115-nnl3wsaac4
-
MD5
43830ac2dd3d41e4adcbf9af223cc0d6
-
SHA1
e3d009d1908cee2597608f12e2fc5ace48b61bad
-
SHA256
8d31e522102744c714db644fd0572e337f6a69e72f3c3a4bb0deab211e9a12df
-
SHA512
bc8691581aabea233dabff9bdc0eb974cc35c545b85668a9958a7a5043df242060fc17dd5a6ba69cdeb189def51dabb0df4df972576598aee8c8d4280b969621
Static task
static1
Behavioral task
behavioral1
Sample
notificación bancaria SWift.exe
Resource
win7-en-20211104
Malware Config
Extracted
formbook
4.1
n7ak
http://www.kmresults.com/n7ak/
modischoolcbse.com
theneverwinter.com
rszkjx-vps-hosting.website
fnihil.com
1pbet.com
nnowzscorrez.com
uaotgvjl.icu
starmapsqatar.com
ekisilani.com
extradeepsheets.com
jam-nins.com
buranly.com
orixentertainment.com
rawtech.energy
myol.guru
utex.club
jiapie.com
wowig.store
wweidlyyl.com
systaskautomation.com
citromudas3a.com
plasticstone.icu
pawchamamapet.com
beautybybby.com
mor-n-mor.com
getoffyourhighhorses.com
chieucaochoban9.xyz
grahamevansmp.com
amplaassessoria.net
nutricookindia.com
wazymbex.icu
joansironing.com
hallforless.com
mycourseprofits.com
precps.com
cookislandstourismpodcast.com
bestonlinedealslive.com
bug.chat
ptjbtoqonjtrwpvkfgmjvwp.com
tortniespodzianka.store
qxkbjgj.icu
aurashape.com
guinealive.com
mondialeresources.com
offthebreak.site
maxamproductivity.com
thebiztip.com
thelocalrea.com
laeducacionadistancia.com
inpakgroup.com
lvgang360.com
allvegangoods.com
tymudanzaramos.com
simpleframeswork.com
thehappycars.com
directfenetres.net
norskatferdsterapi.com
hostingcnx.com
ksmh5x.com
thespiritworldinvitational.com
jetsetwilly3.com
gameflexdev.com
tryhuge.com
vaporvspaper.com
Targets
-
-
Target
notificación bancaria SWift.exe
-
Size
746KB
-
MD5
d430635d87107798fee74e8febaf9a67
-
SHA1
99834cd2b98a352ceded62313e62fa368bd18a54
-
SHA256
184334a7b2fe95a80e82f4e3fa74b3484df670fe8c08b99357ba2dcbbfece475
-
SHA512
b6f8ffd76c612691f937f430ee2c8a13d436708b7db20b7e8b4c29e0143a6b324870bc0f232c618839e21abd863d6fde6229a62979d78f07470cdefa8e7b6e7a
-
Formbook Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-