General
-
Target
Swift Copy.exe
-
Size
477KB
-
Sample
230328-lq3sbaac38
-
MD5
a4aaddb2062a280e675fefce52951ec2
-
SHA1
c5ee44c93aeda42a644135a859e714618b81207e
-
SHA256
06781e8b2a7faff43c97cbcbe19a19b2085f66ac023747ac69c05866c96d855f
-
SHA512
21c01ad6f9d0d8ce7695876c2f2cf9b6147360afc2dcaaaa19260944a751bad46b567fcdefbc148818d196bc8f90b643b4c13df3ef7ca5cb05a0d55b55f96041
-
SSDEEP
12288:AdssEQWLUed3qIj/m/GD/i58FvZ6V8ffx1Ry85dDd:Aa3qK/coy8W8ffxzy8/
Static task
static1
Behavioral task
behavioral1
Sample
Swift Copy.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Swift Copy.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
formbook
4.1
arn2
Targets
-
-
Target
Swift Copy.exe
-
Formbook payload
-
Suspicious use of SetThreadContext
-