General

  • Target: 8134CD2CDC9E2DE14E9E7C172CF0D21F4487B2A6138CEE7CFE31AAF3E51CEA38
  • Size: 169KB
  • Sample: 221123-r2f1ksda9y
  • MD5: ba0630458aadd3cef7bae3d81308ae62
  • SHA1: b71ff4c0d0c39208e5f4ff4df479575db62d0f34
  • SHA256: 8134cd2cdc9e2de14e9e7c172cf0d21f4487b2a6138cee7cfe31aaf3e51cea38
  • SHA512: aa6a8d73bf76becc9ea997a3ebd0df9976533fd19016b5e413717f9df47250b8bba41ba58c328ab975bb64296a25f5b2d9195dd45a242c1c6965e7a962950763
  • SSDEEP: 3072:OFP4jvjAm4vqKqfya0zaxJMqbDYFq4nAQ5u7K0PXgcOqZ4tBZSLAvlitusD1tltQ:c474iKqfyaCKMYU75u7K0PQcmtbJvlKu

Score
7/10

Malware Config

Targets

    • Target: swift_171122_004282741.vbs
    • Size: 370KB
    • MD5: a82f7d67394a27c89d9b031cd33519dc
    • SHA1: 8c8380b6ee1c7fa18d81bc3c13a5d47513e541ce
    • SHA256: 9c19f70567380da124d3cf07402a79b0801bc075a9b58e22055a489f801823ed
    • SHA512: 38f536ba12de9d4534cf45217b8615fcbd548d9d412b72d27368c9c224a450aeff0b7fd82c5d8e2529f7e57216a5a8902f9448de3c5438f0b00aa8d7a5ae9ec3
    • SSDEEP: 6144:fkC1Fb24JNP0SzlXIy4Mpig4bp+Yz+bIaXZ3xrIWIUzkIsZ/sImKIfx/skINxF0B:DFb2aP0StIy4E4l+PDf+O

    Score
    7/10

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    • Query Registry (T1012): 2
    • System Information Discovery (T1082): 3

Tasks