General
Target: 0223d69740fda60c30e8f7394b1d13ff666011d3afa7b11b933f82d723eb2fb3
Size: 255KB
Sample: 220521-d5nb6sghc2
MD5: c5337e0193e1a7f6d329791f3a70e12c
SHA1: 66006fc51e58e37d472b535a587454a1be8472f8
SHA256: 0223d69740fda60c30e8f7394b1d13ff666011d3afa7b11b933f82d723eb2fb3
SHA512: eb283696c319c8f599d62379e16314d4f206fedbafbe95f2c732005653601d4422d84c997b91099d1258799b14f7126a9bdd764ee42c841ba73ed7ed6340b97d
Static task: static1
Behavioral task: behavioral1
Sample: SwiftGGD.Scan.pdf..exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: SwiftGGD.Scan.pdf..exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
formbook
4.1
fgf
Targets
Target: SwiftGGD.Scan.pdf..exe
Size: 359KB
MD5: 00019153347279c9e4a2849c597969b2
SHA1: bdf7376b3454edf51cc79b6c96377f02860fc2ad
SHA256: 9ce61ae5037ceb9f8ce9dac6288d9125230dc58f58a4e1450e85081a8a620c15
SHA512: ac66013e7ae9f32e5583ffde60536e0800d9e4b0f472b04ea5fcbde87e90cc84633fe850e44ad65aef3a45a3567e1f7fe44069ff4f7aef93ac574c964c748dcd
Formbook Payload
Deletes itself
Suspicious use of SetThreadContext