Overview

overview

9

Static

static

7

Swift.exe

windows7-x64

7

Swift.exe

windows10-2004-x64

9

Resubmissions

28/03/2025, 23:17

250328-29x9yavqv9 9

28/03/2025, 23:15

250328-28pw6stvc1 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Swift.exe

  • Size

    20.1MB

  • Sample

    250328-28pw6stvc1

  • MD5

    532e28bfd55208ef66d609a48a65cf91

  • SHA1

    5da3a7f1a437cae4109b4c052b7de697bc58a674

  • SHA256

    3b19486b4e14b206ec8ab2602ec6a430f9fce7ef40247b1e1f4c6f004ee468b4

  • SHA512

    10c57c4bd1c18242405bb7ac89361121b6169f3444122dbef246e4605b0f793f205a9fb36f5a8d820e9c8617bddb9df65b9590acbaada19a89ac7a064a23a0f1

  • SSDEEP

    393216:V8JNpovBLKnLuJxQBqYuIavH5Cmq+Je5tmCTtu32syZ1k3hqdE7w:VMpWNW0mBqfvH5SZtlTtuGZgxqdcw

Score
9/10
defense_evasiondiscoveryexecutionthemidatrojan

Malware Config

Targets

    • Target

      Swift.exe

    • Size

      20.1MB

    • MD5

      532e28bfd55208ef66d609a48a65cf91

    • SHA1

      5da3a7f1a437cae4109b4c052b7de697bc58a674

    • SHA256

      3b19486b4e14b206ec8ab2602ec6a430f9fce7ef40247b1e1f4c6f004ee468b4

    • SHA512

      10c57c4bd1c18242405bb7ac89361121b6169f3444122dbef246e4605b0f793f205a9fb36f5a8d820e9c8617bddb9df65b9590acbaada19a89ac7a064a23a0f1

    • SSDEEP

      393216:V8JNpovBLKnLuJxQBqYuIavH5Cmq+Je5tmCTtu32syZ1k3hqdE7w:VMpWNW0mBqfvH5SZtlTtuGZgxqdcw

    Score
    9/10
    themidadefense_evasiondiscoveryexecutiontrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      defense_evasiontrojan

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks