General
-
Target
Swift.exe
-
Size
221KB
-
Sample
221122-nxvfmabg89
-
MD5
0202c53a04751949b148ac5eab59030e
-
SHA1
32febcf0ec3e26a2852a677a1e0f80a520844ee4
-
SHA256
ad6df53019d5d8930fce4ad4a7e0d15a08d9771b3cff97b7c06bf3df364c17a4
-
SHA512
07ea4cb41cbd1860ee7a9ff87b949372735f62e4e3dab916b2cc0493e5f1748cf64534afe454c81c06982d9b2c7e6a7bedaa72132b381c3f24da746cfec1dab6
-
SSDEEP
6144:MEa0Nyh7Uk49DgIyU3wmtax8+3AdmVsrPW1QBho5p:XUUk49DgIyU3Bp4HVQs4o7
Static task
static1
Behavioral task
behavioral1
Sample
Swift.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
4.1
b31b
deltafxtrading.com
alisonangl.com
cdfqs.com
easyentry.vip
dentalinfodomain.com
hiphoppianyc.com
pools-62911.com
supportteam26589.site
delldaypa.one
szanody.com
diaper-basket.art
ffscollab.com
freediverconnect.com
namesbrun.com
theprimone.top
lenzolab.com
cikmas.com
genyuei-no.space
hellofstyle.com
lamagall.com
hallmarktb.com
hifebou7.info
sex5a.finance
printrynner.com
powerrestorationllc.com
hirefiz.com
uninvitedempire.com
alpinemaintenance.online
ppcadshub.com
looking4.tours
dirtyhandsmedia.com
capishe.website
cachorrospitbull.com
mythic-authentication.online
nordingcave.online
gremep.online
tryufabetcasino.com
premiumciso.com
powerful70s.com
myminecraftrealm.com
bssurgery.com
steel-pcint.com
iokailyjewelry.com
barmanon5.pro
kcrsw.com
9393xx38.app
kochen-mit-induktion.com
indtradors.store
giaxevn.info
trungtambaohanhariston.com
fulili.com
crgabions.com
matomekoubou.com
duaidapduapjdp.site
invissiblefriends.com
cy3.space
idqoft.com
jamal53153.com
lemagnetix.com
anthroaction.com
uspcff.top
supplierdir.com
counterpoint.online
zarl.tech
cdlcapitolsolutions.com
Targets
-
-
Target
Swift.exe
-
Size
221KB
-
MD5
0202c53a04751949b148ac5eab59030e
-
SHA1
32febcf0ec3e26a2852a677a1e0f80a520844ee4
-
SHA256
ad6df53019d5d8930fce4ad4a7e0d15a08d9771b3cff97b7c06bf3df364c17a4
-
SHA512
07ea4cb41cbd1860ee7a9ff87b949372735f62e4e3dab916b2cc0493e5f1748cf64534afe454c81c06982d9b2c7e6a7bedaa72132b381c3f24da746cfec1dab6
-
SSDEEP
6144:MEa0Nyh7Uk49DgIyU3wmtax8+3AdmVsrPW1QBho5p:XUUk49DgIyU3Bp4HVQs4o7
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-