General
-
Target
swift mt 1033.exe
-
Size
743KB
-
Sample
241219-h5jq7svpdp
-
MD5
df300e93be84410e629996a8050e47b2
-
SHA1
1ace59620fa5e6b7717a04ad28620e6a61191c80
-
SHA256
36ac663aee997b4b8da3bd498abcbdb91ca180f7afe402ce8ab166099c098cbf
-
SHA512
435302f901c1068288bf80e5726f3f9d0cbb4bfc6a3b489c7e3260698aa0b3e1707a203d3998b99ea183a21f3a1736eaa422fee358d88eb795647d665fa7b705
-
SSDEEP
12288:w38f2uE1zDf5n7Dm1C8T7bl9JrUKrlR+v+Yyf39fiQyHWsUuAPM5Uf8f2:w3u2uO3B4Ck59ReyfN5kWtuAa4u2
Static task
static1
Behavioral task
behavioral1
Sample
swift mt 1033.exe
Resource
win7-20240903-en
Malware Config
Extracted
formbook
4.1
k49s
ufberyrubiest.shop
tpanekatotosite.top
esona805158762.xyz
earing-tests-15487.bond
rediksitiraitoto.xyz
tore-playstore.online
mpresarialpx38.online
ufxusa.net
reativedesigns.lat
leaning-services-47614.bond
959725nptklnq923.top
treziop.xyz
eubel-bestseller.online
uynewcars.xyz
all-panels-74750.bond
erviceninjas.vip
arectoroffice.xyz
oviesgpt.app
ractors-22059.bond
rakenfitness.info
qatn10.shop
r-dresses-comments-25j.today
ejao.online
iningtruckszone.today
573132.top
cn5u.digital
qatn10.shop
56tm74ah.autos
urkiyekahvecisi.xyz
zincloud.shop
asuraplay77.info
ementia-treatment-40095.bond
lianzatrading.online
otive.app
imba69luckyspin.sbs
ainlamphumidifier.shop
martfile.app
at-casino-sh.buzz
uluthtradingsale.club
my755h.top
eflexive.asia
aboresdemexico.shop
nvestorsinbox.net
tp-turbobet77.live
vcxcvfwe22.shop
nlineredirect.cloud
ueyunlaihong.top
uperfastservic.online
itetalk.net
5940.club
oftware-avast.top
articuli.cloud
atin-dating-52735.bond
taticsitescanary.net
tr77.bet
ift-chairs-17834.bond
viviendapro.online
w165.top
martct.info
odiacdigitaltwin.cloud
ires-66750.bond
xtaapp.fun
63719.vip
in-up-casino-skf2.top
ir-condition-81494.bond
Targets
-
-
Target
swift mt 1033.exe
-
Size
743KB
-
MD5
df300e93be84410e629996a8050e47b2
-
SHA1
1ace59620fa5e6b7717a04ad28620e6a61191c80
-
SHA256
36ac663aee997b4b8da3bd498abcbdb91ca180f7afe402ce8ab166099c098cbf
-
SHA512
435302f901c1068288bf80e5726f3f9d0cbb4bfc6a3b489c7e3260698aa0b3e1707a203d3998b99ea183a21f3a1736eaa422fee358d88eb795647d665fa7b705
-
SSDEEP
12288:w38f2uE1zDf5n7Dm1C8T7bl9JrUKrlR+v+Yyf39fiQyHWsUuAPM5Uf8f2:w3u2uO3B4Ck59ReyfN5kWtuAa4u2
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-