Overview

overview

10

Static

static

10

SwipeBack ...dh.exe

windows7-x64

7

SwipeBack ...dh.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SwipeBackChair.rar

  • Size

    8.1MB

  • Sample

    250209-mr7ckaxpft

  • MD5

    9c1832e8777e8233d01f6ca917853434

  • SHA1

    64fa2d895c5d400ecd435c6b5f3959e7a29f4842

  • SHA256

    56d6db5067585d3023b1b718412c9122c5118b6eafe3ae4c6ccf51a7ac27a0c0

  • SHA512

    ab1cd76cbcc06855429088c9af32bbabbbdaea95475d5626e4cda45f76d844aee2b2f3e64da704d1aeec69c5e3f787353df5aaf575f169bcd09ae3af0727e80a

  • SSDEEP

    196608:mIOTylRa63nxglmwkQVVPI95h5ys8LPkh2EXhAspHO9k2:mIOuXBomwkkgjHys8zkhThAcu9k2

Score
10/10
blankgrabberdiscoveryexecutionupx

Malware Config

Targets

    • Target

      SwipeBack Chair/aBEB8bdHD289hdh.exe

    • Size

      27.0MB

    • MD5

      d340abcb41fda7d1146c4e20b803aa51

    • SHA1

      92e787fd0b2230ed1a0992a2e446d2ef7247bb03

    • SHA256

      365dbea247c5bdc08638f3103768bb7fe6f8432e9fff0e3f8b8acd068e76698a

    • SHA512

      bb4ddc68c439beabda5363806b70eee02358f9d8d5e436f7a764fea216b03573f1b0a9c1bee02374e6738ad1dd21f8c53d5c924f7ba3dec81b4c4aaaf2ac3dfb

    • SSDEEP

      196608:YL1d2wfI9jUCnORird1KfbLOYFSEcN2oc+nBIdAxd:uBIHOQ76bE1nnBIQ

    Score
    8/10
    upxdiscoveryexecution

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks