General

  • Target

    swift copy.exe

  • Size

    1.1MB

  • Sample

    240613-qyegxavglq

  • MD5

    e9c6a41856090c8eb226b8342166c58a

  • SHA1

    217fdcfe9df26442e307ba60ebef9255633f13b8

  • SHA256

    491951b8a84f49dd5a5c0bdea5370223a8ac834d47d53a526f628733325dd5c9

  • SHA512

    d2a99a05836dd861badc291952db513bcdfb0b5b7f18e733c9fff01ed85559391d1f1dac3ef1ea21ba870fc827ad95db25be98f58132fa59bbc3fdaf2e765ebe

  • SSDEEP

    24576:8AHnh+eWsN3skA4RV1Hom2KXMmHa46VQzGOd23X5:bh+ZkldoPK8Ya46qzLdE

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    as02

  • Decoy

Targets

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Suspicious use of SetThreadContext