General
Target: Swift Copy20222601.PDF.exe
Size: 759KB
Sample: 220126-h6n3baafh3
MD5: 6a0c66b62670c0592ecc348da92a23ad
SHA1: c8947b17eeafffa42e7cd09e92a6a9e8306b33a3
SHA256: 3ef3defaf18516b080d3e6536b6f076440cfcd53adfd0c3b5eba1330a4293224
SHA512: f97929365e3e32ded45c1f0d3fb02803bd3072e8bc52eeb48e61edc0f972b367832b92e12a46a41883fde763a0dd644244a1a807ad1b76518ec85f6f83709c1f

Static task: static1
Behavioral task: behavioral1
Sample: Swift Copy20222601.PDF.exe
Resource: win7-en-20211208
Malware Config
Extracted
xloader
2.5
pout
Targets
- Xloader Payload
- Deletes itself
- Adds Run key to start application
- Suspicious use of SetThreadContext