General
-
Target
SWIFT_COPY20240604.cmd
-
Size
3.6MB
-
Sample
240607-pawkvagg69
-
MD5
af9e835fc667bc0d5623fb958c85d10e
-
SHA1
38d325758725552205de9ab138cb0828c7b632bf
-
SHA256
b4e86c38b2b424b473220586c583c7da8ecb98d192581ef0ba37774911cf8351
-
SHA512
e690c98c0f265262049624576b55b3f792e8a59ba230594f24ac740924faa27a1ee8acb7e3eac511a0c181d0554b785113e31e410746ce7c948a119689cb323f
-
SSDEEP
49152:vgk00JywMTAermhoGyBDj1kwXui5zlrT2Da0QhEQ:A
Static task
static1
Behavioral task
behavioral1
Sample
SWIFT_COPY20240604.cmd
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
SWIFT_COPY20240604.cmd
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
SWIFT_COPY20240604.cmd
-
Size
3.6MB
-
MD5
af9e835fc667bc0d5623fb958c85d10e
-
SHA1
38d325758725552205de9ab138cb0828c7b632bf
-
SHA256
b4e86c38b2b424b473220586c583c7da8ecb98d192581ef0ba37774911cf8351
-
SHA512
e690c98c0f265262049624576b55b3f792e8a59ba230594f24ac740924faa27a1ee8acb7e3eac511a0c181d0554b785113e31e410746ce7c948a119689cb323f
-
SSDEEP
49152:vgk00JywMTAermhoGyBDj1kwXui5zlrT2Da0QhEQ:A
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-