888da7bca87ef012a0f6718cd7118956aeeec7c0c60863085e064d1b7f232e29 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

SwifdooIns...me.exe

windows7-x64

7

SwifdooIns...me.exe

windows10-2004-x64

7

Sharing

General

Target

SwifdooInstaller_stable_en_home.exe
Size

37.3MB
Sample

230323-mdp65agh7w
MD5

d654b89c9407e4fdaf531d21a8bd6d0e
SHA1

84c1db908efdd5cfa0e7cfb063051296d0bed411
SHA256

888da7bca87ef012a0f6718cd7118956aeeec7c0c60863085e064d1b7f232e29
SHA512

d268924582c252afa368b7f5987882a737292b9d819cfee08e1a342c9b1080d01b5f39e48bfb6bb5f32baf497eeb232157f98fa29b37505676f4d9c6a57fc8c1
SSDEEP

786432:fay5ljaBW3l/oSL6fQfKJBRe+2NOop6QUwZcrddcNoMB3krYm1NO:ii08i7vk+2NOopXUwZCcV8

Score

7^/10

bootkit discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

SwifdooInstaller_stable_en_home.exe

Resource

win7-20230220-en

bootkit discovery persistence

windows7-x64

16 signatures

600 seconds

Behavioral task

behavioral2

Sample

SwifdooInstaller_stable_en_home.exe

Resource

win10v2004-20230220-en

bootkit persistence

windows10-2004-x64

5 signatures

600 seconds

Malware Config

Targets

- Target
  
  SwifdooInstaller_stable_en_home.exe
- Size
  
  37.3MB
- MD5
  
  d654b89c9407e4fdaf531d21a8bd6d0e
- SHA1
  
  84c1db908efdd5cfa0e7cfb063051296d0bed411
- SHA256
  
  888da7bca87ef012a0f6718cd7118956aeeec7c0c60863085e064d1b7f232e29
- SHA512
  
  d268924582c252afa368b7f5987882a737292b9d819cfee08e1a342c9b1080d01b5f39e48bfb6bb5f32baf497eeb232157f98fa29b37505676f4d9c6a57fc8c1
- SSDEEP
  
  786432:fay5ljaBW3l/oSL6fQfKJBRe+2NOop6QUwZcrddcNoMB3krYm1NO:ii08i7vk+2NOopXUwZCcV8
Score

7^/10

bootkit discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitpersistence

© 2018-2024

Terms | Privacy