Overview

overview

10

Static

static

1

Swift Copy_pdf.exe

windows7_x64

10

Swift Copy_pdf.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Swift Copy_pdf.exe

  • Size

    311KB

  • Sample

    220119-qc85dsaacm

  • MD5

    9f2d01a8b5dc49ef17702e857be90889

  • SHA1

    d0a573726943bf91061ae5eb5cac521fca7a9e42

  • SHA256

    a905e72a77771c75444b5fc0fe1afb342aefdfcb16e1053eff8c7a66094c3d04

  • SHA512

    50881bf2d897bb9c249dc0981a61f59f8038f42cf74f672b5b9f54c8836f74c6a343e3fbed74287eea17e2545c87424fd422d0eef006d348038573a9934fb69c

Score
10/10
mimikatzxloaderdtt3loaderratsuricata

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

dtt3

Decoy

edilononlineshop.com

cursosd.com

viellacharteredland.com

increasey0urenergylevels.codes

yjy-hotel.com

claym.xyz

reelsguide.com

gives-cardano.com

ashrafannuar.com

mammalians.com

rocketleaguedads.com

yubierp.com

minimi36.com

chn-chn.com

jagojp888.com

parsian-shetab.com

273351.com

mdtouhid.com

babedads.com

vallinam2.com

Targets

    • Target

      Swift Copy_pdf.exe

    • Size

      311KB

    • MD5

      9f2d01a8b5dc49ef17702e857be90889

    • SHA1

      d0a573726943bf91061ae5eb5cac521fca7a9e42

    • SHA256

      a905e72a77771c75444b5fc0fe1afb342aefdfcb16e1053eff8c7a66094c3d04

    • SHA512

      50881bf2d897bb9c249dc0981a61f59f8038f42cf74f672b5b9f54c8836f74c6a343e3fbed74287eea17e2545c87424fd422d0eef006d348038573a9934fb69c

    Score
    10/10
    xloaderdtt3loaderratsuricatamimikatz

    • Mimikatz

      mimikatz is an open source tool to dump credentials on Windows.

      mimikatz

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • Xloader Payload

      rat

    • mimikatz is an open source tool to dump credentials on Windows

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks