General

  • Target

    SwiftCopies.js

  • Size

    249KB

  • Sample

    210113-3tn2nljp8a

  • MD5

    c64283d97b88c7596e77dbe2cf07aa96

  • SHA1

    adc39012adf334ae763bed7d3986b7c5488e610f

  • SHA256

    99806dffcac81a0036f89ac02826ef83ab0c0affe42f9d3276c7a73416712e99

  • SHA512

    e6f31cea207546b9bc8e04a86e17e6a3b1d7185fda4a0e1186c113e523109f83d55a6979996a9123e6b55c65755a760571c21808c8326d3bad288ba926d8552a

Score
8/10

Malware Config

Targets

    • Target

      SwiftCopies.js

    • Blocklisted process makes network request

      A process on the sandbox's blocklist of binaries that should not normally originate network traffic (for a .js sample, the Windows Script Host that runs it) opened a network connection.

    • Drops startup file

      Writes a file into a Startup folder so that it is executed at the next user logon.

    • Adds Run key to start application

      Creates a value under a Software\Microsoft\Windows\CurrentVersion\Run key (HKCU or HKLM) so the application is launched at logon.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
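
The four signatures above map directly onto host telemetry: a registry value set under a Run key, a file created in a Startup folder, a DNS query or connection to a public IP lookup service, and a network connection from a script host. The following classifier is an added example written for this page, not code from the sandbox or from the sample; it runs over a handful of constructed Sysmon-style events (the SID, paths, Run value name "Updater", destination addresses, and the lists of blocklisted processes and IP lookup hosts are all assumptions for the example, not values recovered from the report) and reproduces the report's signature names for the events that match.

```python
import re
from dataclasses import dataclass

# Sysmon event IDs the classifier understands.
EID_NETWORK_CONNECT = 3
EID_FILE_CREATE = 11
EID_REGISTRY_VALUE_SET = 13
EID_DNS_QUERY = 22

# Autostart locations behind the two persistence signatures.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.IGNORECASE)

# Assumed blocklist of binaries that should not originate network traffic on
# their own; the report does not publish the sandbox's actual list.
BLOCKLISTED_NET_PROCESSES = {"wscript.exe", "cscript.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe"}

# Assumed set of public "what is my IP" services; the report does not name the one used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ip-api.com",
                   "checkip.dyndns.org", "ifconfig.me"}

# Signature names exactly as the report lists them.
SIG_RUN_KEY = "Adds Run key to start application"
SIG_STARTUP_FILE = "Drops startup file"
SIG_IP_LOOKUP = "Looks up external IP address via web service"
SIG_BLOCKLISTED_NET = "Blocklisted process makes network request"


@dataclass(frozen=True)
class Finding:
    signature: str
    image: str   # basename of the process that triggered the signature
    detail: str  # the registry value, path or destination that matched


def image_name(path: str) -> str:
    """Basename of a Windows image path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(events):
    """Return one Finding per (event, signature) match; events matching nothing are ignored."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        img = image_name(ev.get("Image", ""))
        if eid == EID_REGISTRY_VALUE_SET and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            findings.append(Finding(SIG_RUN_KEY, img, f"{ev['TargetObject']} = {ev.get('Details', '')}"))
        if eid == EID_FILE_CREATE and STARTUP_DIR_RE.search(ev.get("TargetFilename", "")):
            findings.append(Finding(SIG_STARTUP_FILE, img, ev["TargetFilename"]))
        if eid == EID_DNS_QUERY and ev.get("QueryName", "").lower() in IP_LOOKUP_HOSTS:
            findings.append(Finding(SIG_IP_LOOKUP, img, ev["QueryName"]))
        if eid == EID_NETWORK_CONNECT:
            dest = f"{ev.get('DestinationIp', '?')}:{ev.get('DestinationPort', '?')}"
            if ev.get("DestinationHostname", "").lower() in IP_LOOKUP_HOSTS:
                findings.append(Finding(SIG_IP_LOOKUP, img, ev["DestinationHostname"]))
            if img in BLOCKLISTED_NET_PROCESSES:
                findings.append(Finding(SIG_BLOCKLISTED_NET, img, dest))
    return findings


def summarize(findings):
    """Map each triggered signature to the sorted list of images that triggered it."""
    out = {}
    for f in findings:
        out.setdefault(f.signature, set()).add(f.image)
    return {sig: sorted(imgs) for sig, imgs in out.items()}


# Constructed events for the example; none of these values come from the report.
WSH = r"C:\Windows\System32\wscript.exe"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": WSH,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"wscript.exe //B //E:jscript C:\Users\victim\AppData\Roaming\SwiftCopies.js"},
    {"EventID": 11, "Image": WSH,
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftCopies.js"},
    {"EventID": 22, "Image": WSH, "QueryName": "api.ipify.org"},
    {"EventID": 3, "Image": WSH, "DestinationHostname": "",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    # Benign noise that must not match.
    {"EventID": 3, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationHostname": "www.example.com", "DestinationIp": "198.51.100.7", "DestinationPort": 443},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\victim\Documents\notes.txt"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\BITS\Start", "Details": "DWORD (0x00000002)"},
]

if __name__ == "__main__":
    for f in classify(SAMPLE_EVENTS):
        print(f"[{f.signature}] {f.image}: {f.detail}")
```

Run against the constructed events, every finding comes from wscript.exe and each of the four report signatures fires exactly once; the browser connection, the ordinary file write and the service registry change produce nothing. In a real deployment the Run key and Startup folder matches are the high-confidence persistence signals; the IP lookup is only meaningful in combination with an unexpected originating process, since browsers and legitimate tooling query the same services.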

MITRE ATT&CK Enterprise v6

Tasks