General
Target: SWIFT copy 27092023.exe
Size: 636KB
Sample: 231011-nsbsqaed88
MD5: daf6c083b09bbd7db92bd975933097b8
SHA1: b5ecee6fd39b1b89a1246842bdb93b34d6a3637e
SHA256: be5825c707b2fd0d972ae9d2431561b9215de539846232cff466cb11e20b9d89
SHA512: 1c04f5f7b0f93e60c85cc648c99db1eac0fb5a959bc5995122f2768525ee521d46c6126ca7d5029d7e7dbeb964efccfb2cd0f8cfce0f35fd873ec1e9cc80b8aa
SSDEEP: 12288:M6LyiRJU/Wcj1XdosluhJFkin+93RGWPjQaz6W5i8Nc5bz9efDK0Z:RmFeQ8sgkG+hRB7QTKiq80Z
Static task: static1
Behavioral task: behavioral1
Sample: SWIFT copy 27092023.exe
Resource: win7-20230831-en
Malware Config
Extracted
formbook
4.1
r65e
Targets
Target: SWIFT copy 27092023.exe
Formbook payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext