Overview

overview

10

Static

static

10

Swift Copy.scr

windows7_x64

6

Swift Copy.scr

windows10_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Swift Copy.scr

  • Size

    68KB

  • Sample

    200402-4v1dv18zrj

  • MD5

    d76d18a2bbae1f5d0800830c55728db6

  • SHA1

    adaf1be40deefb15f8e1be347a17783fb011320e

  • SHA256

    f5e6874bd1365510b8000f560c636eb52d3498f7773e0a148138b00f797c2fb3

  • SHA512

    8989cd9af54e43f96ffb31fd1b3d689b63c1d451dee1adcf4fcf4a550078d288caff321906655c7e8034e04806283217cd08af366dbb6789999018d57a39f9b2

Score
10/10
guloaderevasionspywaretrojan

Malware Config

Targets

    • Target

      Swift Copy.scr

    • Size

      68KB

    • MD5

      d76d18a2bbae1f5d0800830c55728db6

    • SHA1

      adaf1be40deefb15f8e1be347a17783fb011320e

    • SHA256

      f5e6874bd1365510b8000f560c636eb52d3498f7773e0a148138b00f797c2fb3

    • SHA512

      8989cd9af54e43f96ffb31fd1b3d689b63c1d451dee1adcf4fcf4a550078d288caff321906655c7e8034e04806283217cd08af366dbb6789999018d57a39f9b2

    Score
    6/10
    evasionspywaretrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Modifies system certificate store

      evasionspywaretrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks