General
Target
SwiftCopies.js
Size
249KB
Sample
210113-3tn2nljp8a
MD5
c64283d97b88c7596e77dbe2cf07aa96
SHA1
adc39012adf334ae763bed7d3986b7c5488e610f
SHA256
99806dffcac81a0036f89ac02826ef83ab0c0affe42f9d3276c7a73416712e99
SHA512
e6f31cea207546b9bc8e04a86e17e6a3b1d7185fda4a0e1186c113e523109f83d55a6979996a9123e6b55c65755a760571c21808c8326d3bad288ba926d8552a
Static task
static1
Behavioral task
behavioral1
Sample
SwiftCopies.js
Resource
win7v20201028
Behavioral task
behavioral2
Sample
SwiftCopies.js
Resource
win10v20201028
Malware Config
Targets
Target
SwiftCopies.js
Score 8/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.