Overview

overview

10

Static

static

1

swift.exe

windows7-x64

10

swift.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    swift.exe

  • Size

    341KB

  • Sample

    230324-paa9xagc3z

  • MD5

    e8a3330c073fdf9c823f23eeb066e194

  • SHA1

    ca809e57a8caf8cebb47fac3a645f4983947e73b

  • SHA256

    bde148cc492b003001b57f554c21cc8fea9cf4be56e25150b810a4b040a4e842

  • SHA512

    4b49b60f94dbc04a4b429ea7bf5f03324f8929132b16138284d694e606d96b835e33645420f2f0540b48c5fe829019775489a5719b704558d3f245392a4063b2

  • SSDEEP

    6144:TYa6Usu/Db1Ymej6fLXf0B0Mk2/9eTnWiVCiEkm6sj0SCID+E2DGen:TYasu/Db1YmScfzMk2/sTnWCCdkm9j0x

Score
10/10
formbookk04sratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k04s

Decoy

draanabellrojas.com

in03.one

kyraloves.co.uk

laluma.store

londoncell.com

kanurikibueadvocates.com

buyeasynow.net

escapefromtarkov-wiki.com

crewint.net

f-b.boats

beautyaidstudio.com

ashfieldconsultancy.uk

dlogsadood.com

ftgam.xyz

constantinopanama.com

yellowpocket.africa

konyil.com

easomobility.com

1135wickloecourt.com

indexb2b.com

Targets

    • Target

      swift.exe

    • Size

      341KB

    • MD5

      e8a3330c073fdf9c823f23eeb066e194

    • SHA1

      ca809e57a8caf8cebb47fac3a645f4983947e73b

    • SHA256

      bde148cc492b003001b57f554c21cc8fea9cf4be56e25150b810a4b040a4e842

    • SHA512

      4b49b60f94dbc04a4b429ea7bf5f03324f8929132b16138284d694e606d96b835e33645420f2f0540b48c5fe829019775489a5719b704558d3f245392a4063b2

    • SSDEEP

      6144:TYa6Usu/Db1Ymej6fLXf0B0Mk2/9eTnWiVCiEkm6sj0SCID+E2DGen:TYasu/Db1YmScfzMk2/sTnWCCdkm9j0x

    Score
    10/10
    formbookk04sratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks