General
Target: output.199875276.rar
Size: 213KB
Sample: 230130-zmhjvsed2z
MD5: d539d007fb26f7b0a9292f2b0a12529f
SHA1: 60a11149ee2f19560a4179276d19bb56eac2dfb3
SHA256: 1a41a5bf751fd2deb7cf46b231e45843adc5f036149979de847c053177be2eb8
SHA512: 68c82cc8b2fb78d297950b35e9293354fb09b2d8fc26b2bd0d8d80dbacc28fc4d21f7889c0cac7325e23c49d3f527a820551d685300c0693b34ca6434d88bc4f
SSDEEP: 3072:TfK0+v+mkHKLxpoSEd3FpOwB+C5VNfcFg20pbhJ2ZhX3q3uupt0Q89eJO34OKW+y:Ev+X+zoSeFhr5PcFrEbuZxq3unl3itZq
Static task: static1
Behavioral task: behavioral1
Sample: swiftcopy.exe
Resource: win7-20220812-en
Malware Config
Extracted
xloader
2.5
dx3n
Targets
Target: swiftcopy.exe
Size: 226KB
MD5: 403a0ec6b998f324dda677547ac8ec79
SHA1: 2e9fcc41db347d053ec58de6881527a9f529edef
SHA256: 7d53754fb2eb6479e9d71d07036133421f4d153ec252873c7beeb619f762a90f
SHA512: 0608941d064e2e3121ee4a02dba4f486ba7c997b14405b2e6d63102566bb65fbc242bb25ef424b5f1ddf07e7bc7e8226b916a00e85fc6d8d2408e966cbeb891b
SSDEEP: 3072:qyiLF8DnmJpNG/f90oL1yq8ogAQLxLmqjPXrxgUuUj14xy9WmfvuuWlAqXJeDg+P:qGV/l0oL1TToMqTVgfUs8efDJe81aL9f
Xloader payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext