Overview

overview

10

Static

static

1

Swift Copy.exe

windows7-x64

10

Swift Copy.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Swift Copy.exe

  • Size

    477KB

  • Sample

    230328-lq3sbaac38

  • MD5

    a4aaddb2062a280e675fefce52951ec2

  • SHA1

    c5ee44c93aeda42a644135a859e714618b81207e

  • SHA256

    06781e8b2a7faff43c97cbcbe19a19b2085f66ac023747ac69c05866c96d855f

  • SHA512

    21c01ad6f9d0d8ce7695876c2f2cf9b6147360afc2dcaaaa19260944a751bad46b567fcdefbc148818d196bc8f90b643b4c13df3ef7ca5cb05a0d55b55f96041

  • SSDEEP

    12288:AdssEQWLUed3qIj/m/GD/i58FvZ6V8ffx1Ry85dDd:Aa3qK/coy8W8ffxzy8/

Score
10/10
formbookarn2ratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

arn2

Decoy

girlzongrass.com

starphotostudio.co.uk

bugsbunnyexpress.com

kimeepayne.com

gtcoplc.africa

generativeseller.com

chain-bnb.com

diamante24.com

fine-and-good.com

vexlotex.africa

legendary-royale.net

draandreaprimera.com

geteit.com

epremiuminsurancce.com

adn-care.com

kazakhstanfootball.com

bizinares.com

folug.club

fuda808.com

internationalkia.com

Targets

    • Target

      Swift Copy.exe

    • Size

      477KB

    • MD5

      a4aaddb2062a280e675fefce52951ec2

    • SHA1

      c5ee44c93aeda42a644135a859e714618b81207e

    • SHA256

      06781e8b2a7faff43c97cbcbe19a19b2085f66ac023747ac69c05866c96d855f

    • SHA512

      21c01ad6f9d0d8ce7695876c2f2cf9b6147360afc2dcaaaa19260944a751bad46b567fcdefbc148818d196bc8f90b643b4c13df3ef7ca5cb05a0d55b55f96041

    • SSDEEP

      12288:AdssEQWLUed3qIj/m/GD/i58FvZ6V8ffx1Ry85dDd:Aa3qK/coy8W8ffxzy8/

    Score
    10/10
    formbookarn2ratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks