General
-
Target
Swift Copy.bin
-
Size
766KB
-
Sample
241215-ywapyavpex
-
MD5
8f5b567178dc84b182b9bef20d1ba3fd
-
SHA1
c9e63301ec2c68f8d1a087678d6947eb0f94ff71
-
SHA256
421f027f55c2899348146d6ef602fb6aaa2376c2479406a720f21f5af672d4ae
-
SHA512
2295886a0d77655ed8c897668a7d148003a53a32885277e92fd4261b90f2465b358f1f150335c8a70ac5fc2ec5f8a5fc0a8c5e6b1324eab2f94a44dfff06c0cb
-
SSDEEP
12288:lCMKhM39TXsTAiN81mLdCc6VbSogpA7beNEyDBcmpb7I1i5pSTTXnVluolN3l1:oMaci4OARRgeHeHBZ98i5CVlugN3
Static task
static1
Malware Config
Extracted
formbook
4.1
ct27
arehouse-inventory-22552.bond
lead.today
utomation-tools-36376.bond
uizdabarbie.shop
yedzio.xyz
riffinfamily.fun
lashsmm.store
estlumpia.shop
aki777id.best
ilmach.net
ome-care-25437.bond
i404.net
jacp.bid
he-broker.net
quick.biz
ynacloud.xyz
harmant-g.online
f85to5a2x.cyou
pdgkt.bid
at-removal-near-me-103.xyz
oujizz.fyi
oftware-engineering-60706.bond
lexcap.xyz
jwbizjl3p.sbs
ouses-for-sale-4851524.zone
nternet-providers-19459.bond
2b-emirates.net
onotobey.shop
sk-dezzz49.store
91582235.xyz
uankao.tech
kmi14.xyz
ental-implants-39342.bond
h868.net
ental-implants-67929.bond
lotino.xyz
pps-31199.bond
aintkitts.xyz
ximito.info
mrahmed.website
lujro.shop
n.domains
mkgqu.info
ingaepost.live
lutchbrakes.net
hepahamiltons.net
arehouse-inventory-64566.bond
eyss.xyz
elightfullydecadent.store
200mber.fun
fmej.info
lard.xyz
amal888.pro
si-robot.tech
kin-rejuvenation-78159.bond
mjweddingplanners.fun
urhub.xyz
nfluencer-marketing-70434.bond
bl.email
apturethetgc.win
ntangroup.online
eehear.xyz
udiolife.xyz
regnancy-32797.bond
rave.ist
Targets
-
-
Target
Swift Copy.bin
-
Size
766KB
-
MD5
8f5b567178dc84b182b9bef20d1ba3fd
-
SHA1
c9e63301ec2c68f8d1a087678d6947eb0f94ff71
-
SHA256
421f027f55c2899348146d6ef602fb6aaa2376c2479406a720f21f5af672d4ae
-
SHA512
2295886a0d77655ed8c897668a7d148003a53a32885277e92fd4261b90f2465b358f1f150335c8a70ac5fc2ec5f8a5fc0a8c5e6b1324eab2f94a44dfff06c0cb
-
SSDEEP
12288:lCMKhM39TXsTAiN81mLdCc6VbSogpA7beNEyDBcmpb7I1i5pSTTXnVluolN3l1:oMaci4OARRgeHeHBZ98i5CVlugN3
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-