Overview

overview

10

Static

static

1

Swift Copy.exe

windows7-x64

10

Swift Copy.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Swift Copy.lzh

  • Size

    446KB

  • Sample

    230322-r7xkhsbc9y

  • MD5

    d17a08ef35cec0ee724944473973ec13

  • SHA1

    a78d317d7412ed3b26203f683f206c69d56a8d19

  • SHA256

    2b748351494693d8b0328153c75395fe0bb1691419376d1b7fd75a828dc72cdd

  • SHA512

    b8c0012384076c2eabee72b8103b471c2f0216414bd09000f35d9681c12ea9084a6b3444a3e0648ed0925d760fd215202f3cbe8ae15d52b84b926f0ecb813386

  • SSDEEP

    12288:UCEs0ba+0Xd8gLIAwjXI/hKG6entE7I5Rrmu:fF7XuIIAwjXI5jhtE7SRrmu

Score
10/10
formbookarn2ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

arn2

Decoy

girlzongrass.com

starphotostudio.co.uk

bugsbunnyexpress.com

kimeepayne.com

gtcoplc.africa

generativeseller.com

chain-bnb.com

diamante24.com

fine-and-good.com

vexlotex.africa

legendary-royale.net

draandreaprimera.com

geteit.com

epremiuminsurancce.com

adn-care.com

kazakhstanfootball.com

bizinares.com

folug.club

fuda808.com

internationalkia.com

Targets

    • Target

      Swift Copy.exe

    • Size

      477KB

    • MD5

      a4aaddb2062a280e675fefce52951ec2

    • SHA1

      c5ee44c93aeda42a644135a859e714618b81207e

    • SHA256

      06781e8b2a7faff43c97cbcbe19a19b2085f66ac023747ac69c05866c96d855f

    • SHA512

      21c01ad6f9d0d8ce7695876c2f2cf9b6147360afc2dcaaaa19260944a751bad46b567fcdefbc148818d196bc8f90b643b4c13df3ef7ca5cb05a0d55b55f96041

    • SSDEEP

      12288:AdssEQWLUed3qIj/m/GD/i58FvZ6V8ffx1Ry85dDd:Aa3qK/coy8W8ffxzy8/

    Score
    10/10
    formbookarn2ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks