General
Target: SWIFT Copy00323012022PDF.gz.zip
Size: 46KB
Sample: 220124-plq5haefb5
MD5: 1eb0477e5c7870fd2a0d92b7b3737b85
SHA1: 0b516db5d16481e2137c64015599719fa1f9f28c
SHA256: 4c68b14580c8ffca6f3a30f4e5cd967777d57d2b83311609d9bb515b36e88d6f
SHA512: 3faab16858ef52d26a75cc06ca4e23b1140ecb74d64a1690517e0da35943d4e610bac5794102e0ee3e6c3b6a35eb18422e73a9442559c05502677c29d2263126
Static task: static1
Behavioral task: behavioral1
Sample: SWIFT Copy00323012022PDF.exe
Resource: win7-en-20211208
Malware Config
Extracted
xloader
2.5
be4o
Targets
Target: SWIFT Copy00323012022PDF.exe
Size: 79KB
MD5: 9a1b5e42a5855fd3240a9c33346d07ca
SHA1: 228b3fde2e6e7a31a940931d08df2a4ed1e5d7e3
SHA256: fbfcc39fb2e03d204a83cb9dceaa90e692ddb28367457586fdace8ff27b11d88
SHA512: 200d09616b4f4e31c1ec5f04c4c8e0a8541d4246d153b018cdbd7f273a246373b8e028c27a45ebfb887b26967fcd13816ff96842d812d7c8876d176bd875691b
Xloader Payload
Suspicious use of SetThreadContext