General
- Target: e5ee944909bd91bfeb6b21eaf3d8f85e702b9eb99e7f1c6c6b780ae12bb61eb4
- Size: 487KB
- Sample: 220131-s17btahfcj
- MD5: a46bc7a8867d6c8a0807190f5724f1d5
- SHA1: 3106f6f963848f9b81b0527fd921776720af5d83
- SHA256: e5ee944909bd91bfeb6b21eaf3d8f85e702b9eb99e7f1c6c6b780ae12bb61eb4
- SHA512: 45b6480b5009eaadd85b1a805ae86f2a95b3a7b755b6bb12681b461b8cf8ad755fcc9fcaa2422cdd84c17dcc7e9e064d1c1c154574c9552183ff151bb1c06ce3
Static task: static1
Behavioral task: behavioral1
Sample: Swift Copy.exe
Resource: win7-en-20211208
Malware Config
Extracted
xloader
2.3
n58i
Targets
- Target: Swift Copy.exe
- Size: 696KB
- MD5: c3ad076b201b02706effd72bbdfe71c4
- SHA1: 05a3a508addfd530113fb6f78122164476d3f651
- SHA256: 61de0ac2005f1345bfb72a35e04d02e41d981e6ffa23944d3b1cae93be22856b
- SHA512: fe0441c5043fbc6620ad6c37a926df966ecb0a3797402a79ba0cd6e44743419b418d18890ab36dae09c27deefda74992845ebacb09c7d2cd15af3fd4dc659d1b
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- Xloader Payload
- Blocklisted process makes network request
- Sets service image path in registry
- Suspicious use of SetThreadContext