General
Target: swift.exe
Size: 1016KB
Sample: 240425-e33vhsfc39
MD5: 7f5c94b5e120641ba60ccad05710eda4
SHA1: 2ccff660a2ef669821c62362efbea99e4e238a28
SHA256: e243f9678f50e9be30a9a65971da27b36470bb27568707edcb87a06fffb3e99a
SHA512: 4a6ab0856337cb35fc1df956d8a5dadbc82ecb19bc8214db3b8e48f068f7d6544f52bbc2493670b65b56d8bbae0f73021b5d8097401e3ac251401075d8614304
SSDEEP: 24576:epO9cxPuT2Vj/wgFXRtl+btB7QVdWfXDE1MIz:epOV6Nz9YbATWvDlI
Static task: static1
Behavioral task: behavioral1
Sample: swift.exe
Resource: win7-20240221-en
Malware Config
Extracted
darkcloud
email_from: info@gtvbedding.com
email_to: info@gtvbedding.com
Targets
Target: swift.exe
Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of SetThreadContext