General
-
Target
SWIFT REF.exe
-
Size
1.1MB
-
Sample
221201-wjrftadf72
-
MD5
cb9bc8e2f918725b9d28925aa42cba1e
-
SHA1
fedbd5f39e13a4dffe8b4d1e36d3c50bdf9f433b
-
SHA256
f3a184f74b8326b79d5f99aa2a412b18fa50f89b55017f852b4e74713342eae2
-
SHA512
8dea90cc898a04cb50b0760281e160838e35fc9ca22734ea66f0b2308bdecea6891eb278b47c6bbf3a35f0896ae86dfcb6467a3247f48afe3d9fb828275479bd
-
SSDEEP
24576:REAojIr4A11gcBQqcsrF6NCg0fJACQU4I6bB589j:KAoMr4A115S5u6NT0fJAC14I6bQ
Static task
static1
Behavioral task
behavioral1
Sample
SWIFT REF.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
SWIFT REF.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
Target
SWIFT REF.exe
Score 10/10
Detect Neshta payload
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-