General
-
Target
swan_hwid_spoofer.exe
-
Size
4.8MB
-
Sample
240523-ywyrrsee6w
-
MD5
717ab9f7df653b68dbae21fe9b2bcff2
-
SHA1
8cde651ad0ff2f1e6717429e7753473d4f92eaff
-
SHA256
e9b0ad35e141a14d55b6b301130caf9fb1242a21d5af3ebdca52295286406e1a
-
SHA512
3852d61cc8ad5e2421f8931654d91fca19ce2eec677e1b8c0a8428105592af74164e42b456677bf32717e15cf040efce3a37112833416da9a468eb502953e613
-
SSDEEP
98304:DWlS5eV3HedW23yHfxnq9zgZrcgLx/1qtVSO+PUuqGX/y8:j5eV3e9yI90ZHISO+P9qG
Static task
static1
Behavioral task
behavioral1
Sample
swan_hwid_spoofer.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
swan_hwid_spoofer.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
Target
swan_hwid_spoofer.exe
Score
10/10
-
Deletes NTFS Change Journal
The USN change journal is a persistent log, used by Windows Server systems, of all changes made to local files.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-