General
-
Target
Swift Copy_44000.exe
-
Size
320KB
-
Sample
211203-pb2s9agdhk
-
MD5
03d853072e1cab50b55cce6883e5e72e
-
SHA1
a3d35ebdb90c950db690d900c57b804cb4874b4e
-
SHA256
5da3ef49a658c41da32f3258e3124c24e9641496ea1c2443d40c680a9f7b0e8c
-
SHA512
0229de62952ebc975333eb6ec25e9d47fd7f658e44661d198d17a8b6b833291b42f4f08e7ec41e574dd2dba8d58da54c0c0375e1d764bd26fe84fc3aa70d8116
Static task
static1
Behavioral task
behavioral1
Sample
Swift Copy_44000.exe
Resource
win7-en-20211104
Malware Config
Extracted
xloader
2.5
e8ia
http://www.helpfromjames.com/e8ia/
le-hameau-enchanteur.com
quantumsystem-au.club
engravedeeply.com
yesrecompensas.lat
cavallitowerofficials.com
800seaspray.com
skifun-jetski.com
thouartafoot.com
nft2dollar.com
petrestore.online
cjcutthecord2.com
tippimccullough.com
gadget198.xyz
djmiriam.com
bitbasepay.com
cukierniawz.com
mcclureic.xyz
inthekitchenshakinandbakin.com
busy-clicks.com
melaniemorris.online
elysiangp.com
7bkj.com
wakeanddraw.com
ascalar.com
iteraxon.com
henleygirlscricket.com
torresflooringdecorllc.com
helgquieta.quest
xesteem.com
graffity-aws.com
bolerparts.com
andriylysenko.com
bestinvest-4-you.com
frelsicycling.com
airductcleaningindianapolis.net
nlproperties.net
alkoora.xyz
sakiyaman.com
wwwsmyrnaschooldistrict.com
unitedsafetyassociation.com
fiveallianceapparel.com
edgelordkids.com
herhauling.com
intelldat.com
weprepareamerica-planet.com
webartsolution.net
yiquge.com
marraasociados.com
dentalimplantnearyou-ca.space
linemanbible.com
dunamisdispatchservicellc.com
latamoperationalinstitute.com
stpaulsschoolbagidora.com
groupninemed.com
solar-tribe.com
footairdz.com
blttsperma.quest
xfeuio.xyz
sahodyafbdchapter.com
0934800.com
dandftrading.com
gladway.net
mineriasinmercurio.com
inaampm.com
Targets
-
-
Target
Swift Copy_44000.exe
-
Size
320KB
-
MD5
03d853072e1cab50b55cce6883e5e72e
-
SHA1
a3d35ebdb90c950db690d900c57b804cb4874b4e
-
SHA256
5da3ef49a658c41da32f3258e3124c24e9641496ea1c2443d40c680a9f7b0e8c
-
SHA512
0229de62952ebc975333eb6ec25e9d47fd7f658e44661d198d17a8b6b833291b42f4f08e7ec41e574dd2dba8d58da54c0c0375e1d764bd26fe84fc3aa70d8116
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-