General
Target: 8134CD2CDC9E2DE14E9E7C172CF0D21F4487B2A6138CEE7CFE31AAF3E51CEA38
Size: 169KB
Sample: 221123-r2f1ksda9y
MD5: ba0630458aadd3cef7bae3d81308ae62
SHA1: b71ff4c0d0c39208e5f4ff4df479575db62d0f34
SHA256: 8134cd2cdc9e2de14e9e7c172cf0d21f4487b2a6138cee7cfe31aaf3e51cea38
SHA512: aa6a8d73bf76becc9ea997a3ebd0df9976533fd19016b5e413717f9df47250b8bba41ba58c328ab975bb64296a25f5b2d9195dd45a242c1c6965e7a962950763
SSDEEP: 3072:OFP4jvjAm4vqKqfya0zaxJMqbDYFq4nAQ5u7K0PXgcOqZ4tBZSLAvlitusD1tltQ:c474iKqfyaCKMYU75u7K0PQcmtbJvlKu
Static task: static1

Behavioral task: behavioral1
Sample: swift_171122_004282741.vbs
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: swift_171122_004282741.vbs
Resource: win10v2004-20220812-en
Malware Config

Targets
Target: swift_171122_004282741.vbs
Size: 370KB
MD5: a82f7d67394a27c89d9b031cd33519dc
SHA1: 8c8380b6ee1c7fa18d81bc3c13a5d47513e541ce
SHA256: 9c19f70567380da124d3cf07402a79b0801bc075a9b58e22055a489f801823ed
SHA512: 38f536ba12de9d4534cf45217b8615fcbd548d9d412b72d27368c9c224a450aeff0b7fd82c5d8e2529f7e57216a5a8902f9448de3c5438f0b00aa8d7a5ae9ec3
SSDEEP: 6144:fkC1Fb24JNP0SzlXIy4Mpig4bp+Yz+bIaXZ3xrIWIUzkIsZ/sImKIfx/skINxF0B:DFb2aP0StIy4E4l+PDf+O
Score: 7/10

Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext