General
-
Target
Swift Copy_pdf.exe
-
Size
311KB
-
Sample
220119-qc85dsaacm
-
MD5
9f2d01a8b5dc49ef17702e857be90889
-
SHA1
d0a573726943bf91061ae5eb5cac521fca7a9e42
-
SHA256
a905e72a77771c75444b5fc0fe1afb342aefdfcb16e1053eff8c7a66094c3d04
-
SHA512
50881bf2d897bb9c249dc0981a61f59f8038f42cf74f672b5b9f54c8836f74c6a343e3fbed74287eea17e2545c87424fd422d0eef006d348038573a9934fb69c
Static task
static1
Behavioral task
behavioral1
Sample
Swift Copy_pdf.exe
Resource
win7-en-20211208
Malware Config
Extracted
xloader
2.5
dtt3
edilononlineshop.com
cursosd.com
viellacharteredland.com
increasey0urenergylevels.codes
yjy-hotel.com
claym.xyz
reelsguide.com
gives-cardano.com
ashrafannuar.com
mammalians.com
rocketleaguedads.com
yubierp.com
minimi36.com
chn-chn.com
jagojp888.com
parsian-shetab.com
273351.com
mdtouhid.com
babedads.com
vallinam2.com
buro-tic.com
az-rent.net
shifaebio.xyz
circuitoalberghiero.com
xn--b1afb9b.xn--p1acf
canlioyundasin.online
sachainchirajaomega.com
scandinest.com
pluky.net
tpxcy.com
nbg.global
automountproducts.com
hghbj.com
beachsidecoatings.com
householdertips.com
coworkingspace.online
doujyou.com
tenloe053.xyz
udpbkp.biz
kondanginyuk.online
zipiter.com
christiankrog.com
reliantrecruitinggroup.com
acrylicus.com
cruelgirls.biz
oeinsulation.com
mapnft.xyz
leadersfort.com
foodroutine.com
mayerohio.info
systemofsolutions.com
gideonajibike.com
bigboobz.net
townofis.com
mhkxlgs.com
sussaautocare.com
quicktle.com
boutiquedangel.com
garrisonroadhouse.com
stiff-pols.art
cabalaconsultores.com
theweddinggame.net
themoneymagicians.com
overtonesa.com
janasflannels.com
Targets
-
-
Target
Swift Copy_pdf.exe
-
Size
311KB
-
MD5
9f2d01a8b5dc49ef17702e857be90889
-
SHA1
d0a573726943bf91061ae5eb5cac521fca7a9e42
-
SHA256
a905e72a77771c75444b5fc0fe1afb342aefdfcb16e1053eff8c7a66094c3d04
-
SHA512
50881bf2d897bb9c249dc0981a61f59f8038f42cf74f672b5b9f54c8836f74c6a343e3fbed74287eea17e2545c87424fd422d0eef006d348038573a9934fb69c
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
Xloader Payload
-
mimikatz is an open source tool to dump credentials on Windows
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-