General
-
Target
swift copy.exe
-
Size
1.1MB
-
Sample
240613-qyegxavglq
-
MD5
e9c6a41856090c8eb226b8342166c58a
-
SHA1
217fdcfe9df26442e307ba60ebef9255633f13b8
-
SHA256
491951b8a84f49dd5a5c0bdea5370223a8ac834d47d53a526f628733325dd5c9
-
SHA512
d2a99a05836dd861badc291952db513bcdfb0b5b7f18e733c9fff01ed85559391d1f1dac3ef1ea21ba870fc827ad95db25be98f58132fa59bbc3fdaf2e765ebe
-
SSDEEP
24576:8AHnh+eWsN3skA4RV1Hom2KXMmHa46VQzGOd23X5:bh+ZkldoPK8Ya46qzLdE
Static task
static1
Behavioral task
behavioral1
Sample
swift copy.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
swift copy.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
formbook
4.1
as02
Targets
-
-
Target
swift copy.exe
-
Formbook payload
-
Suspicious use of SetThreadContext
-