General
Target: PaymentSwift copy.exe
Size: 3.4MB
Sample: 210419-dffy2qf11n
MD5: 83dd88ad8154ed07ee4bd902eb84eb2c
SHA1: d6c01ef92834da8a376b555eb9f6da469d3515fc
SHA256: b16c4aa0a8ec4b2fc3c6f5323a3bb35f9c4d26c97aeaff4aa874507ffb3339e3
SHA512: 4064cce0cdc088b0e9611182e9a4e7d02fc01531498743458024ed40de78af6e9b827a14284627b9c33111e8bf5347e6378426b27a1c989fd8c90f294bdb1af9
Static task: static1
Behavioral task: behavioral1
Sample: PaymentSwift copy.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: PaymentSwift copy.exe
Resource: win10v20210408
Malware Config
Targets
Target: PaymentSwift copy.exe
Score: 10/10
BitRAT Payload
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext