8a30ebc969b8b7048eeff42b5c3c28ce294f3bc845531bf6f1c9269c8ef21ee6 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

Swift.exe

windows10-2004-x64

9

Swift.exe

windows11-21h2-x64

9

Sharing

General

Target

Swift.exe
Size

20.5MB
Sample

250415-ygfmmszpv3
MD5

70f9de7c18e51b892285bff4c2fa8785
SHA1

0d8e30d948b30eab3039bea5e438fbad63714a82
SHA256

8a30ebc969b8b7048eeff42b5c3c28ce294f3bc845531bf6f1c9269c8ef21ee6
SHA512

90ab288fc847e900a330e5063bced989a68529f13fe0127355d3f3686063afaa19f3580295c9d657144c803b10a2343ef360ccb7ba894ab3f6d8591c5ec9a50d
SSDEEP

393216:FNvARqkv+0mXvPU/KzaNYg1XxVqOzP5e0AuN/kdryhbBFA4I:nqHMG0ayg1hEU40pMhyhbBF4

Score

9^/10

defense_evasion discovery execution themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Swift.exe

Resource

win10v2004-20250314-en

defense_evasion discovery execution themida trojan

windows10-2004-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

Swift.exe

Resource

win11-20250410-en

defense_evasion discovery execution themida trojan

windows11-21h2-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  Swift.exe
- Size
  
  20.5MB
- MD5
  
  70f9de7c18e51b892285bff4c2fa8785
- SHA1
  
  0d8e30d948b30eab3039bea5e438fbad63714a82
- SHA256
  
  8a30ebc969b8b7048eeff42b5c3c28ce294f3bc845531bf6f1c9269c8ef21ee6
- SHA512
  
  90ab288fc847e900a330e5063bced989a68529f13fe0127355d3f3686063afaa19f3580295c9d657144c803b10a2343ef360ccb7ba894ab3f6d8591c5ec9a50d
- SSDEEP
  
  393216:FNvARqkv+0mXvPU/KzaNYg1XxVqOzP5e0AuN/kdryhbBFA4I:nqHMG0ayg1hEU40pMhyhbBF4
Score

9^/10

defense_evasion discovery execution themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  defense_evasion trojan
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Enumerates processes with tasklist
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Network Share Discovery

Process Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionthemidatrojan

behavioral2

defense_evasiondiscoveryexecutionthemidatrojan

© 2018-2025

Terms | Privacy