General
- Target: SWIFT TRSF EUR2763O.PDF.js
- Size: 24KB
- Sample: 210113-wka6qxek3e
- MD5: 5858b1c3f3a59e6f8974138e16abbc34
- SHA1: 09242052cec1f1c6dc0f9a2927513962f4e2b944
- SHA256: 03f82590c595df2bb4247b1b9489713773fa800cacfbf38b811b35f97e9c4504
- SHA512: 1a3f0212ad754d5338ebdf7021ecc5d22f3e30f33cc9ef006d0a44aaffe3f4e68a8d77d5d27b2cd4d931734e7d36f92df808736c0649ac7baf19e9e99da30714
Static task: static1
Behavioral task: behavioral1
Sample: SWIFT TRSF EUR2763O.PDF.js
Resource: win7v20201028
Malware Config
Targets
- Target: SWIFT TRSF EUR2763O.PDF.js
- Blocklisted process makes network request
- Drops startup file
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.