Source: 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.10.unpack |
Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Username": "info2@obynnehhhan.com", "Password": "G$MUuYG3", "Host": "smtp.obynnehhhan.com"} |
Source: SWIFT_09903094858577_900039388883-TRF.exe |
ReversingLabs: Detection: 14% |
Source: 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.10.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.6.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.8.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: 5.2.SWIFT_09903094858577_900039388883-TRF.exe.400000.0.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.4.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.12.unpack |
Avira: Label: TR/Spy.Gen8 |
Source: SWIFT_09903094858577_900039388883-TRF.exe |
Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE |
Source: SWIFT_09903094858577_900039388883-TRF.exe |
Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Source: SWIFT_09903094858577_900039388883-TRF.exe |
Binary string: C:\Users\Administrator\Desktop\Client\Temp\qqnRZsIIHB\src\obj\x86\Debug\EndNoGCRegionSta.pdb |
Source: Yara match |
File source: 5.2.SWIFT_09903094858577_900039388883-TRF.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.8.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.10.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.6.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 5.0.SWIFT_09903094858577_900039388883-TRF.exe.400000.12.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a42990.7.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a77fb0.6.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.SWIFT_09903094858577_900039388883-TRF.exe.3a0b570.5.raw.unpack, type: UNPACKEDPE |
Source: SWIFT_09903094858577_900039388883-TRF.exe, 00000005.00000002.658655626.0000000002981000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: SWIFT_09903094858577_900039388883-TRF.exe, 00000005.00000002.658655626.0000000002981000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: SWIFT_09903094858577_900039388883-TRF.exe, 00000005.00000002.658655626.0000000002981000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://PcwsIt.com |
Source: SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.383685174.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.383533455.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.382882779.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.382936594.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.383196986.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.383385022.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.383631334.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.383173518.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.383781752.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.383835216.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.383871610.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000002.433941853.0000000006B42000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.383237347.000000000594B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://fontfabrik.com |
Source: SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.383173518.000000000594B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://fontfabrik.com( |
Source: SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.383196986.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.383237347.000000000594B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://fontfabrik.comXt |
Source: SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.388913948.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.388626362.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000002.433941853.0000000006B42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.392243224.0000000005953000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.ascendercorp.com/typedesigners.html |
Source: SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.392243224.0000000005953000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.ascendercorp.com/typedesigners.htmlt |
Source: SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.389820126.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.389238092.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.389684405.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.389302234.000000000594B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.carterandcone.comhe |
Source: SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000002.433941853.0000000006B42000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.carterandcone.coml |
Source: SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.389820126.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.389238092.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.389684405.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.390043191.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.389302234.000000000594B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.carterandcone.como.I |
Source: SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.397005721.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.395545730.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.395905005.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.394677111.000000000594C000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.395269106.000000000594C000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.394982067.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.394707605.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.395764736.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.394772042.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.396726657.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.396326776.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.397528108.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.396066018.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.394876176.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.395374356.000000000594B000.00000004.00000800.00020000.00000000.sdmp, 
SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.395078050.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.397361974.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000003.395186808.000000000594B000.00000004.00000800.00020000.00000000.sdmp, SWIFT_09903094858577_900039388883-TRF.exe, 00000000.00000002.433941853.0000000006B42000.00000004.00000800.0002 |