General
-
Target
swift.exe
-
Size
341KB
-
Sample
230324-paa9xagc3z
-
MD5
e8a3330c073fdf9c823f23eeb066e194
-
SHA1
ca809e57a8caf8cebb47fac3a645f4983947e73b
-
SHA256
bde148cc492b003001b57f554c21cc8fea9cf4be56e25150b810a4b040a4e842
-
SHA512
4b49b60f94dbc04a4b429ea7bf5f03324f8929132b16138284d694e606d96b835e33645420f2f0540b48c5fe829019775489a5719b704558d3f245392a4063b2
-
SSDEEP
6144:TYa6Usu/Db1Ymej6fLXf0B0Mk2/9eTnWiVCiEkm6sj0SCID+E2DGen:TYasu/Db1YmScfzMk2/sTnWCCdkm9j0x
Static task
static1
Behavioral task
behavioral1
Sample
swift.exe
Resource
win7-20230220-en
Malware Config
Extracted
formbook
4.1
k04s
draanabellrojas.com
in03.one
kyraloves.co.uk
laluma.store
londoncell.com
kanurikibueadvocates.com
buyeasynow.net
escapefromtarkov-wiki.com
crewint.net
f-b.boats
beautyaidstudio.com
ashfieldconsultancy.uk
dlogsadood.com
ftgam.xyz
constantinopanama.com
yellowpocket.africa
konyil.com
easomobility.com
1135wickloecourt.com
indexb2b.com
kabridates.com
forty04.com
fourjaysgsps.com
bukkaluy.com
elvanite.co.uk
ccnds.online
medicswellnessconsult.africa
dashuzhupin.com
woodstockwine.africa
advisorsforcharities.com
jathinel.com
bwin6789.com
brandologic.net
courier.africa
f6zx.shop
efefcondemned.buzz
cosmochroniclesblog.com
karmaapps.site
kielenki.africa
classbetter.online
ffp78.com
goodwebob.com
facroryoutletstore.com
kart746.xyz
current-vaancies.com
fourblendedsistas.store
anjuhepay.com
lawexpert9.info
family-doctor-96425.com
telcs.net
huodede.com
clarkwire.xyz
aliencultist.com
innovantexclusive.com
theepiclandings.net
happy-christmass.com
bearcreekwood.com
370zhitch.com
game2casino.com
betternook.com
ginkfazoltrelo.info
andyrichardsonwv.com
handygiftstore.com
orientalwholesale.uk
naijabrain.africa
Targets
-
-
Target
swift.exe
-
Size
341KB
-
MD5
e8a3330c073fdf9c823f23eeb066e194
-
SHA1
ca809e57a8caf8cebb47fac3a645f4983947e73b
-
SHA256
bde148cc492b003001b57f554c21cc8fea9cf4be56e25150b810a4b040a4e842
-
SHA512
4b49b60f94dbc04a4b429ea7bf5f03324f8929132b16138284d694e606d96b835e33645420f2f0540b48c5fe829019775489a5719b704558d3f245392a4063b2
-
SSDEEP
6144:TYa6Usu/Db1Ymej6fLXf0B0Mk2/9eTnWiVCiEkm6sj0SCID+E2DGen:TYasu/Db1YmScfzMk2/sTnWCCdkm9j0x
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-