Static task
static1
Behavioral task
behavioral1
Sample
RCP000004689 SWIFT COPY.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
RCP000004689 SWIFT COPY.exe
Resource
win10v2004-20240319-en
General
-
Target
RCP000004689 SWIFT COPY.r00
-
Size
628KB
-
MD5
ebb1f3ce62c28eb763863eb46fb1004c
-
SHA1
396bcb38b2160cfb8fe0f5e188e6b025e45502a7
-
SHA256
d252b1e5d631254ac42e7dadab485984559dd16ff217f6ffc694ef235d6d58e9
-
SHA512
c8405a4ba2682ef487c26c16e9bbe5271cf9a2483be48a88526528dbae698183640a73cdecf7f7c6debb68d8d5c1899de2007055a491ca05b809717a9d4020e1
-
SSDEEP
12288:3JHZN6OiZTg/n8gddyQuoUu21f9WMWyJPm90JbSzuM0YTLaXOU7Pu66ava56+O:J/6O5n84Y3fBrWCPm90JNM0IaXOcugvX
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/RCP000004689 SWIFT COPY.exe
Files
-
RCP000004689 SWIFT COPY.r00.rar
-
RCP000004689 SWIFT COPY.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 648KB - Virtual size: 647KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ