5452d5591e734d9e447e2daac94374327b1f81fd48c111b139f0bda6ffad2fc5 | Triage

Sharing

General

Target

SWIFT COPY.exe
Size

698KB
Sample

231011-hfdhwshe64
MD5

3c7ebe1e242ff26c729ace86a057f728
SHA1

38e2b316bac97abe7a889de7e009791b478ac581
SHA256

5452d5591e734d9e447e2daac94374327b1f81fd48c111b139f0bda6ffad2fc5
SHA512

509711b7d3e69b7350dd7b2300654ac90e1098ccf6c2929adf3d7a8c162a93a03e76fd834d777facc6469e1c91d19e3f08c27d8427a69265f526795c6edb7b6a
SSDEEP

12288:7cLAckjb4TZ/N01+tDZsMjJt5tTNR0FbeYQdGwb3y79tlw+GfB:MkH4TZqgtqMjnPTNR0F6pzo3nG

Score

7^/10

Malware Config

Targets

- Target
  
  SWIFT COPY.exe
- Size
  
  698KB
- MD5
  
  3c7ebe1e242ff26c729ace86a057f728
- SHA1
  
  38e2b316bac97abe7a889de7e009791b478ac581
- SHA256
  
  5452d5591e734d9e447e2daac94374327b1f81fd48c111b139f0bda6ffad2fc5
- SHA512
  
  509711b7d3e69b7350dd7b2300654ac90e1098ccf6c2929adf3d7a8c162a93a03e76fd834d777facc6469e1c91d19e3f08c27d8427a69265f526795c6edb7b6a
- SSDEEP
  
  12288:7cLAckjb4TZ/N01+tDZsMjJt5tTNR0FbeYQdGwb3y79tlw+GfB:MkH4TZqgtqMjnPTNR0F6pzo3nG
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2