General

  • Target

    Swift copy.exe

  • Size

    405KB

  • Sample

    200709-bsnegn98ma

  • MD5

    76e2b77b8945a9d50034405c520fad02

  • SHA1

    6645d985c7a50f7bf5bb1c49716e18f6af7de6ca

  • SHA256

    516b18a120eb6f6380a7df0ff52def508e3da5e79b12a60647cc438e478e3363

  • SHA512

    946aa476a2905bff089bb5fc6ade46f0d4b3202bfc34ca876be40dfd42729cda4556b6960225bef41c126fa206271c970e6d2e8bd7f641307e699169349820ad

Score
7/10

Malware Config

Targets

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6