General
-
Target
Swift copy.exe
-
Size
405KB
-
Sample
200709-bsnegn98ma
-
MD5
76e2b77b8945a9d50034405c520fad02
-
SHA1
6645d985c7a50f7bf5bb1c49716e18f6af7de6ca
-
SHA256
516b18a120eb6f6380a7df0ff52def508e3da5e79b12a60647cc438e478e3363
-
SHA512
946aa476a2905bff089bb5fc6ade46f0d4b3202bfc34ca876be40dfd42729cda4556b6960225bef41c126fa206271c970e6d2e8bd7f641307e699169349820ad
Static task
static1
Behavioral task
behavioral1
Sample
Swift copy.exe
Resource
win7
Behavioral task
behavioral2
Sample
Swift copy.exe
Resource
win10v200430
Malware Config
Targets
Target
Swift copy.exe
Score
7/10
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-