Swift-Beacon-Encrypted.exe

First submission 2024-10-17 18:58:07

File details

File type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 15383.0 KB (15752192 bytes)
Compile time: 1970-01-01 01:00:00
MD5: f6c13f50e458190d3058984b766954dc
SHA1: 39a727e1a25583ab5e5b94daf3b58e7ab3068ea0
SHA256: cdaf492c993c9e64b6d299496bd57d52ddd362a32cff1dd9576bb07a6950edfe
Import Hash: f0ea7b7844bbc5bfa9bb32efdcea957c
Sections (6): .text, .rdata, .data, .idata, .reloc, .symtab
Directories (2): import, relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 55/77 (VT report date: 2024-10-13 18:17:01)
Malware Type (2): trojan, hacktool
Threat Type (3): sliver, dump, marte

URLs, FQDN and IP indicators (1)

URL Host (FQDN/IP) Date Added
hXXp://169.1.16.29/Swift-Beacon-Encrypted.exe 169.1.16.29 2024-10-17 18:58:08

PE Sections (1 suspicious)

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x91655d 9528832 e07fe7e5dadab873195cae2c9ac7ee12f0cfcd7a 0603b9bf471b5ae628ed167be6c9fc3b
.rdata 0x918000 0x584eb8 5787648 1c98a8079965c48b657e6d84540d13e9c0620a53 451b1560a82c36853712d8507aafcf0e
.data 0xe9d000 0xaf370 266752 7d444c651a11b15cf01d89b9aedd73443bc5ff8d f8feac69ceddab0fa893a7741f739b99
.idata 0xf4d000 0x490 1536 4cbf661fbcccd454b3feae8778423c369cf0adae 937095e440377ab670a23b0fd5f89d59
.reloc 0xf4e000 0x28532 165376 c53f550fef86facfa4013bd600a5f5af08ed58b5 74b8b3513d46997d18933e90b2dc928c
.symtab 0xf77000 0x4 512 943ae54f4818e52409fbbaf60ffd71318d966b0d 07b5472d347d42780469fb2654b7fc54

Strings analysis - File found

Log
dyfqEPG.(*VMRMtAUH1fc).Log
Library
_32.dll
rof.dll
KERNEL32.dll
L32.DLL
i32.dll

Strings analysis - Possible IPs found (3)

5.4.52.5
72.5.4.82
4.62.5.4

Strings analysis - Possible URLs found (1)

http://invalidkpasswdlookup

Import functions

Name Latest seen MD5
test1.exe 2023-04-17 11:53:05 eae20dc5eacb216a11b23d6a8c0e33d7
torbrowser-install-win64-12.0.7_ALL.exe 2023-06-19 06:03:03 92c0b25164e3d01e24e33a18ec2c901c
BLONDE_BURN-OUT.exe 2024-05-30 14:49:03 9cfae68caf4b61735e80d67f0d40783a
BEWILDERED_PERFORMANCE.exe 2024-05-30 14:50:03 8a507369e99f1dfd5e592ef24ce405d7
PAYABLE_USER.exe 2024-05-30 14:51:03 ea33b7eb965d8b552a75349946963151
my.exe 2024-07-07 16:54:27 6470b936622d9502880cae6452d1bb48
EXACT_ITEM.exe 2024-07-08 20:46:09 9babf09115135e3726636ed32790bd36
999.html 2024-09-25 12:31:21 e0b11d0fba0e8c49d4f268e831bccc7a
WG.exe 2024-09-28 16:30:09 4af44ceaf166bd6c4f8c328ccc2263b7
MTLS.exe 2024-09-28 16:40:11 f34858ad51b208fba47332eebcfa2cd0
Doc.exe 2024-10-15 18:34:03 2746a7120bce30e9230a2e71a9ad909f
test 2024-10-06 13:12:29 b0ae4f9828164bfe4c0187529b8800cb
Swift-Stage1-Obfuscated.exe 2024-10-17 18:57:12 0444eb9fbbf0d5ee3718acafd88e0843