Overview

overview

8

Static

static

7

HWID_Swoofer.exe

windows10-1703-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    HWID_Swoofer.exe

  • Size

    5.1MB

  • Sample

    230331-t6fxgsda6w

  • MD5

    2401767168b533cee90da13673c0f30d

  • SHA1

    b4c763d3e0c75fd97b654e9f8905bc5cc4adc45b

  • SHA256

    63d8575d2e7d4ac1f43197e5730370f3ffd6b4d2400c836fd6c4b4d559fec407

  • SHA512

    c7253ff6914d12395d2d1d0c8f480777d31ea4fca90177db3a5b961421e99e6f4fb9c4a0fd543f2b70658f6ba484637fdf454547a139ebf319f8ac677ea4345e

  • SSDEEP

    98304:PCd+b+tvofM6wG5rx9K+SQt/BkcSMdAsNtq13Fv4t:ad+Kd6wIgQt5RS2N3o2

Score
8/10
evasionvmprotect

Malware Config

Targets

    • Target

      HWID_Swoofer.exe

    • Size

      5.1MB

    • MD5

      2401767168b533cee90da13673c0f30d

    • SHA1

      b4c763d3e0c75fd97b654e9f8905bc5cc4adc45b

    • SHA256

      63d8575d2e7d4ac1f43197e5730370f3ffd6b4d2400c836fd6c4b4d559fec407

    • SHA512

      c7253ff6914d12395d2d1d0c8f480777d31ea4fca90177db3a5b961421e99e6f4fb9c4a0fd543f2b70658f6ba484637fdf454547a139ebf319f8ac677ea4345e

    • SSDEEP

      98304:PCd+b+tvofM6wG5rx9K+SQt/BkcSMdAsNtq13Fv4t:ad+Kd6wIgQt5RS2N3o2

    Score
    8/10
    evasionvmprotect

    • Stops running service(s)

      evasion

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Impair Defenses

1
T1562

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

1
T1489

Tasks