Overview

overview

10

Static

static

1

Swift.exe

windows7-x64

10

Swift.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Swift.exe

  • Size

    221KB

  • Sample

    221122-nxvfmabg89

  • MD5

    0202c53a04751949b148ac5eab59030e

  • SHA1

    32febcf0ec3e26a2852a677a1e0f80a520844ee4

  • SHA256

    ad6df53019d5d8930fce4ad4a7e0d15a08d9771b3cff97b7c06bf3df364c17a4

  • SHA512

    07ea4cb41cbd1860ee7a9ff87b949372735f62e4e3dab916b2cc0493e5f1748cf64534afe454c81c06982d9b2c7e6a7bedaa72132b381c3f24da746cfec1dab6

  • SSDEEP

    6144:MEa0Nyh7Uk49DgIyU3wmtax8+3AdmVsrPW1QBho5p:XUUk49DgIyU3Bp4HVQs4o7

Score
10/10
formbookb31bratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b31b

Decoy

deltafxtrading.com

alisonangl.com

cdfqs.com

easyentry.vip

dentalinfodomain.com

hiphoppianyc.com

pools-62911.com

supportteam26589.site

delldaypa.one

szanody.com

diaper-basket.art

ffscollab.com

freediverconnect.com

namesbrun.com

theprimone.top

lenzolab.com

cikmas.com

genyuei-no.space

hellofstyle.com

lamagall.com

Targets

    • Target

      Swift.exe

    • Size

      221KB

    • MD5

      0202c53a04751949b148ac5eab59030e

    • SHA1

      32febcf0ec3e26a2852a677a1e0f80a520844ee4

    • SHA256

      ad6df53019d5d8930fce4ad4a7e0d15a08d9771b3cff97b7c06bf3df364c17a4

    • SHA512

      07ea4cb41cbd1860ee7a9ff87b949372735f62e4e3dab916b2cc0493e5f1748cf64534afe454c81c06982d9b2c7e6a7bedaa72132b381c3f24da746cfec1dab6

    • SSDEEP

      6144:MEa0Nyh7Uk49DgIyU3wmtax8+3AdmVsrPW1QBho5p:XUUk49DgIyU3Bp4HVQs4o7

    Score
    10/10
    formbookb31bratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks