General

  • Target

    16911629.zip

  • Size

    11.0MB

  • Sample

    241018-j7vf6awfra

  • MD5

    fda726743e9e29a546c08e00bc587880

  • SHA1

    da7bedaa8e8e1a020e8736eed7a18ca3f2dde5cd

  • SHA256

    a76bac98d674d5501d423e9569910a732977baeb3a50f86326710fc874a66206

  • SHA512

    9ddd5b3ada8e682357f07ea8b19c78731b0b46ea4a6ebb442a3a09af52803651eb527278e79a7bf060a212e54e5abe1c7b3c29734d81f8cf3ee52d3164332fc7

  • SSDEEP

    196608:8NeoqtDpR7X3oGZhagctD2iypqn7jBjtNcyMATDFpqYVeFjyamthv6KFw74T5Utd:sqtHroMhJc8iZn7j9ncy3lpqYVUjmtjs

Score
10/10

Malware Config

Targets

    • Target

      BidvestBank-Swift--DNS-evasion-encrypted-no-cloudflare.exe

    • Size

      1KB

    • MD5

      e1d61b6f2ead585a67f2a3bbf51fe5f8

    • SHA1

      325cbdc894b044e21bb409cbccb602d92ff9fcc0

    • SHA256

      3cedcfd685fc0372bc6624670a3c830201485b2b9944e35d53e182fcfe6dc01e

    • SHA512

      8495587cf0af9ef4c185606b5e7fc6916acd0651034bbed4dc6638b9915c40190ad30f074e6a42c6b929f70a526697d7b72a37647f9c1a341b1b6c10922f819e

    Score
    1/10
    • Target

      BidvestBank-Swift-AD686-evasion-encrypted.exe

    • Size

      1KB

    • MD5

      c113b57ff3e09b4296ebbd85bc8dd73e

    • SHA1

      d4410746690798c159eb84ddd43fb8c4898437fc

    • SHA256

      5f04f6ec0a23d4c53fed030f87d7bccc034a7cc1fe14ce0c83f3856d0309be72

    • SHA512

      5c3e4a7cbdfc18407dae7dae151430e78e87e0fbd962bd45fa9b610edb2eb54a0145153539713548bb9c7005418171c0ea2010d5f8efc40648c575b13d512384

    Score
    1/10
    • Target

      BidvestBank-Swift-DNS-Tunnel.exe

    • Size

      1KB

    • MD5

      6d513ae9921118a00216b18ef1f00c60

    • SHA1

      da339b2d489e9cc1329ca5d637f184aff19c5163

    • SHA256

      ee5094722b75240eadf7a89add82487769307a1a7e5b8a14fb3ce854d5974e16

    • SHA512

      55620c10c488146786924330a81d964cd0d18f244557f11e91f7ec39f9b96c22eaaa8024796e7a0bcc9955c70d8ab1767b135edc3c4809067cd5cf226bfd8b77

    Score
    1/10
    • Target

      BidvestBank-Swift-Manual-Evasion.exe

    • Size

      1KB

    • MD5

      240cd57c3c56ad058fd637dd1f024a23

    • SHA1

      a759e7e14912e9594cc53a9eb51cc4b20d2580d2

    • SHA256

      f406bfe6bc650c8c967654fd4d73589e4406ed2cafbba3724181d904f1ac30ee

    • SHA512

      97f4cae9ebe6029b4977901218e7bbe439c9a405a4ffb8c325f0e209ca5c1e44ed0b7b9decb5f3103e43a19f35a7c09bf73bee9c0af5de44b5b5769be805c841

    Score
    1/10
    • Target

      BidvestBank-Swift-evasion-encrypted-no-cloudflare.exe

    • Size

      1KB

    • MD5

      f02500ff3ffe88a71041133bb3785b69

    • SHA1

      bc9488d359809cb6e7aa6530a6aea869028b2649

    • SHA256

      a3317022d4230fd50b88562b7e92c8006a8f78d4f1436f296e0aaac126aed834

    • SHA512

      753fe662db9b884ea58a2cc8b5aac950cd2d12eee585c92dc93122fc8b1554b8ffbf58a780769198a27cd6cf2f3f8ef2d9f88506cd491746bc53041446d9e9e4

    Score
    1/10
    • Target

      BidvestBank-Swift-ssh-evasion-encrypted.exe

    • Size

      1KB

    • MD5

      3061b64994fa1e01b42b2400aa8ee289

    • SHA1

      c3bf84a2ad6ce337ee7a97e582e7e23019970c89

    • SHA256

      fc6986a8b877eb38d882e3fe96b6edcd6c357d611b76f4cfc6873e272acc293a

    • SHA512

      935fca51adb2af0c327abe02dfd5d5fe9ae955bbf13dcc5a580ca535c47c7f57f44d507337e680be61bad4eb25f2ce986de692e49182073c41956b24fc870e7d

    Score
    1/10
    • Target

      Swift-Beacon-Encrypted.exe

    • Size

      15.0MB

    • MD5

      f6c13f50e458190d3058984b766954dc

    • SHA1

      39a727e1a25583ab5e5b94daf3b58e7ab3068ea0

    • SHA256

      cdaf492c993c9e64b6d299496bd57d52ddd362a32cff1dd9576bb07a6950edfe

    • SHA512

      f3add75f077e36f353a7e61e5e06d81c78394c322c2932e1f9442f89169c57d71cbdb1f264df5a5f682bee2c7474925eafe24f95e50885b69b88a039a89b321b

    • SSDEEP

      98304:S3rqQkYrlnKkmDqkvVRvs05Ovxn1ZMAY3xE1feYe35:CrqxkmDqCPvs05OV1ZMAY3S1Ru5

    Score
    1/10
    • Target

      Swift-Sleep-bypass.exe

    • Size

      100KB

    • MD5

      7a8f8e764dc64d0ee5faed04014d1794

    • SHA1

      3bd240c7bd0384e6ddd6dbec2781cab56382001d

    • SHA256

      c1a79af2db1fd681a749a3c496c0d40b6f493b8cef94baefcfe7d3522eceedea

    • SHA512

      bd5af0cbdd6a4cd11eb23c821a5c6b7f28f3f110c5098b04f23c1e4baba0d7ac204da272793c43175a52106716034ffe7f9f4bc9a15ba8cd589cd6658f943b90

    • SSDEEP

      1536:4E+YqDg5t/yMYBYKDQ0H1xOksEQT4bpMBRVMAyXcFoFOZx:EFGt/yMTI91xOkKpMAyXzOZx

    Score
    1/10
    • Target

      Swift-Stage1-Obfuscated.exe

    • Size

      14.9MB

    • MD5

      0444eb9fbbf0d5ee3718acafd88e0843

    • SHA1

      7f4d40eee7d5db0605333f5c903afc8f2a047fcc

    • SHA256

      a3ae935dad0de2657b032a70d1908f622b3cf54fc53f01a69d5f086e21ad4d9a

    • SHA512

      f1dafc1e0a19ea13433253ecba16c6171e61c51c86585c6a2c14fa5b7be84e61f7afe91819763178928e1437ca7fc86715da3cea0dc9dd86617687fce7e2d5a5

    • SSDEEP

      98304:c3UXpov5aERAzq5km7dLb5isMTLr85uuUfQOEXymdY+DiG:sUXpQn/iswLr859Ufs7MG

    Score
    1/10
    • Target

      Swift-service-encrypted-obuscated.exe

    • Size

      111KB

    • MD5

      34aa449b4fb52742bc830e10b7efe47b

    • SHA1

      2c8080fa6a48a92df1eae081a4fab3bd6fc949a2

    • SHA256

      a87ec35ffa4d698eddfe69cea22dccba56afe78fbd34529672d3eedc98b84350

    • SHA512

      09e3ef2055cbc19e9c2fba53d5d01d2f842f825f4c6e9dd5a7965bb042f25fe850c1207c149ab1635603b1452f6ea949cee29a2ba617bda37e34e06612a80450

    • SSDEEP

      1536:DvJpJxKKiqPCeSKgfQCYwTdeKihaXuxxOBxgbU7BSZXcDJnX2kd7:lE/eC/KgfQCDAhaXus+cDJX2kd7

    Score
    1/10
    • Target

      Swift-sleep10-jitter-50-amsiPatch-Breakpoints.dll

    • Size

      95KB

    • MD5

      68ab6bcbb50fb8f895e92f8c00e350ff

    • SHA1

      127adb4b8367aa3f37aaf3ed72cfe79690170023

    • SHA256

      e72717c3598893ddb4444f71747b3010171ed14737d63d043ecf9ec7844fd5a5

    • SHA512

      cfca9a672e20c1e644681a8e222c7b2f4fb0324139f3bebf17daa88b187b7cac773f2c666797e87b4c5cb85cf282dc669d99507ca370bb6cceebb4ac3b701b00

    • SSDEEP

      1536:evuO66CQjyU5vgRGHegBARoU9d8jeD+F7n5ULKwJFtwMciaGYOI3lRdgf:evuF6CQ2OgM+e9cCyD+Fj5UL/JjBaGYy

    Score
    3/10
    • Target

      demon.x64.exe

    • Size

      100KB

    • MD5

      806425052861a58f462b8e18b7502ae6

    • SHA1

      5420baed36ecfb3df7727effddcff30723e1cd86

    • SHA256

      db58a931d38306d3925aba738425200f14fc3e93054f5f3e3fdea3813c23e366

    • SHA512

      6ea49ba15d438e5f7286637eb21f71ed22fc8ba9a2638bac740f59d4a17d2ad3c0ef4821a14fe628285c7327c26f86656ebb7e54b241892e634e1745a3658018

    • SSDEEP

      1536:pE+YqDg5t/yMYBYKDQ0H1xOksEQT4bpMBRVMAyXcFoFOPx:7FGt/yMTI91xOkKpMAyXzOPx

    Score
    1/10
    • Target

      demon.x641.exe

    • Size

      100KB

    • MD5

      c2649b34f50484344a60cee642baa697

    • SHA1

      950653e79ac2fa2d10fcd31a7dd973d02896419e

    • SHA256

      b646ecc8fbd94b4b583cc46ed8443bf2e6596095ff087a5591abf0f9fb1b6fb3

    • SHA512

      1c37cbf7c2a8fc8e1bcf6caf1c9241c39645ee71c55c005d4ff29f349aca2e35a35bdb47ef0a092a15c97416886eb06401a871d3940bb8eec7021d43ff3dd3be

    • SSDEEP

      1536:uE+YqDg5t/yMYBYKDQ0H1xOksEQT4bpMBRVMAyXcFoFOUx:aFGt/yMTI91xOkKpMAyXzOUx

    Score
    1/10
    • Target

      index.bak

    • Size

      3KB

    • MD5

      e9c0e5414b847b8e3706709cfefd0e43

    • SHA1

      882484283af5fabab3527c6c549129b847b86e85

    • SHA256

      c44a16ab709f1eb785eab59e792329f774975ffeb5ce123148a5e55c634b8269

    • SHA512

      d2cd992f5f6897f25e2e488633e528497a88194218acab69a9c01d62459bfa61b8746f070edf13549e6f0299736885ef86ac59351256d0491ed7c0eee005b2b8

    Score
    3/10
    • Target

      index.jvh

    • Size

      4KB

    • MD5

      5ddae141accb377a8e93b1cd3336d683

    • SHA1

      764a599646237bcf8a252a389042ed2b9dcaada5

    • SHA256

      1e3956c57206e1bb9bab9d8559456e8f0779cba7d9908ef37f5fd5c07c1d2b21

    • SHA512

      eb9b9723454beffac57c325a120487e08060797db33aaacb1f654160a90beb939daecbe44506d72ba77d5494748821f24d175d14d5a4772fdbf36e2767acd092

    • SSDEEP

      96:ZznRJ/ZlS7LlHJlOtY8Fi0R91FJS8d7M++3td5H5Csgfn:ZbRJ/PS7LhJQa8Fi0R91FJSkRAL5Csgf

    Score
    3/10
    • Target

      swift-bypass-breakpoints.exe

    • Size

      100KB

    • MD5

      20c633524cd5febea9dc735458b4c382

    • SHA1

      fb4580589ae597b7d0ed7ac64cac765ccef1fd28

    • SHA256

      12d1b3cfd5b410cc39cd4b74a699c4d31846f551fae776a542f4d26d45c61808

    • SHA512

      c460198d73d691668c0b64ff974e8bfc7305ca038cdf549918088711d086bb7686577106c1ffae863125c4dc80e23e494e224e2db522dd54cfaf9c723fad5fc7

    • SSDEEP

      1536:3E+YqDg5t/yMYBYKDQ0H1xOksEQT4bpMBRVMAyXcFoFOpx:BFGt/yMTI91xOkKpMAyXzOpx

    Score
    1/10
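Four of the 100KB samples above (Swift-Sleep-bypass.exe, demon.x64.exe, demon.x641.exe and swift-bypass-breakpoints.exe) carry ssdeep values that differ in only a few characters, which is what one build of the same payload with a small patched-in difference looks like under fuzzy hashing. The example below is added here and is not part of the sandbox report nor the ssdeep project's own code: it is a simplified, dependency-free re-implementation of the ssdeep comparison (block-size compatibility, the 7-character common-substring gate, an edit distance with insert/delete cost 1 and substitution cost 2, and the 0..100 normalisation) run over the ssdeep strings copied from this page. The function names are the example's own, and the scores are an approximation of what libfuzzy reports; use the real ssdeep library when the exact number matters.

```python
"""Cluster the ssdeep values from the sandbox report above to find near-duplicate samples.

Added example (not the report's or the ssdeep project's code): a simplified
re-implementation of the ssdeep comparison. Scores approximate libfuzzy's.
"""

SPAMSUM_LENGTH = 64   # ssdeep's nominal signature length
MIN_BLOCKSIZE = 3     # smallest block size ssdeep ever uses
ROLLING_WINDOW = 7    # a shared run of this many chars is required for a non-zero score

# ssdeep strings copied verbatim from the report above (the 1KB samples list none).
PAGE_SSDEEP = {
    "16911629.zip": "196608:8NeoqtDpR7X3oGZhagctD2iypqn7jBjtNcyMATDFpqYVeFjyamthv6KFw74T5Utd:sqtHroMhJc8iZn7j9ncy3lpqYVUjmtjs",
    "Swift-Beacon-Encrypted.exe": "98304:S3rqQkYrlnKkmDqkvVRvs05Ovxn1ZMAY3xE1feYe35:CrqxkmDqCPvs05OV1ZMAY3S1Ru5",
    "Swift-Sleep-bypass.exe": "1536:4E+YqDg5t/yMYBYKDQ0H1xOksEQT4bpMBRVMAyXcFoFOZx:EFGt/yMTI91xOkKpMAyXzOZx",
    "Swift-Stage1-Obfuscated.exe": "98304:c3UXpov5aERAzq5km7dLb5isMTLr85uuUfQOEXymdY+DiG:sUXpQn/iswLr859Ufs7MG",
    "Swift-service-encrypted-obuscated.exe": "1536:DvJpJxKKiqPCeSKgfQCYwTdeKihaXuxxOBxgbU7BSZXcDJnX2kd7:lE/eC/KgfQCDAhaXus+cDJX2kd7",
    "Swift-sleep10-jitter-50-amsiPatch-Breakpoints.dll": "1536:evuO66CQjyU5vgRGHegBARoU9d8jeD+F7n5ULKwJFtwMciaGYOI3lRdgf:evuF6CQ2OgM+e9cCyD+Fj5UL/JjBaGYy",
    "demon.x64.exe": "1536:pE+YqDg5t/yMYBYKDQ0H1xOksEQT4bpMBRVMAyXcFoFOPx:7FGt/yMTI91xOkKpMAyXzOPx",
    "demon.x641.exe": "1536:uE+YqDg5t/yMYBYKDQ0H1xOksEQT4bpMBRVMAyXcFoFOUx:aFGt/yMTI91xOkKpMAyXzOUx",
    "index.jvh": "96:ZznRJ/ZlS7LlHJlOtY8Fi0R91FJS8d7M++3td5H5Csgfn:ZbRJ/PS7LhJQa8Fi0R91FJSkRAL5Csgf",
    "swift-bypass-breakpoints.exe": "1536:3E+YqDg5t/yMYBYKDQ0H1xOksEQT4bpMBRVMAyXcFoFOpx:BFGt/yMTI91xOkKpMAyXzOpx",
}


def _eliminate_sequences(s):
    """ssdeep drops any character that would extend a run of 3 identical characters."""
    out = []
    for ch in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)


def _has_common_substring(a, b):
    """Gate: the two hashes must share a run of ROLLING_WINDOW characters."""
    return any(a[i:i + ROLLING_WINDOW] in b for i in range(len(a) - ROLLING_WINDOW + 1))


def _edit_distance(a, b):
    """Levenshtein variant ssdeep uses: insert 1, delete 1, substitute 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            sub = prev[j - 1] + (0 if ca == cb else 2)
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, sub))
        prev = cur
    return prev[-1]


def _score_strings(a, b, block_size):
    if not _has_common_substring(a, b):
        return 0
    score = _edit_distance(a, b)
    score = score * SPAMSUM_LENGTH // (len(a) + len(b))   # scale to a 64-char signature
    score = 100 * score // SPAMSUM_LENGTH                   # express as a percentage
    score = 100 - score                                      # distance -> similarity
    # For small block sizes ssdeep caps the score so short inputs cannot score high by chance.
    if block_size >= (99 + ROLLING_WINDOW) * MIN_BLOCKSIZE // ROLLING_WINDOW:
        return score
    return min(score, block_size // MIN_BLOCKSIZE * min(len(a), len(b)))


def parse_ssdeep(sig):
    """Split 'blocksize:hash1:hash2' into (int, str, str) with run elimination applied."""
    block, h1, h2 = sig.split(":", 2)
    return int(block), _eliminate_sequences(h1), _eliminate_sequences(h2)


def compare(sig1, sig2):
    """Return a 0..100 similarity for two ssdeep signatures (fuzzy_compare logic)."""
    bs1, a1, a2 = parse_ssdeep(sig1)
    bs2, b1, b2 = parse_ssdeep(sig2)
    if bs1 == bs2:
        if a1 == b1 and a2 == b2:
            return 100
        # hash1 was computed at bs, hash2 at 2*bs: compare like with like, keep the better score
        return max(_score_strings(a1, b1, bs1), _score_strings(a2, b2, bs1 * 2))
    if bs1 == bs2 * 2:   # sig1's hash1 was computed at the same block size as sig2's hash2
        return _score_strings(a1, b2, bs1)
    if bs2 == bs1 * 2:
        return _score_strings(a2, b1, bs2)
    return 0             # block sizes too far apart to compare at all


def cluster(signatures=PAGE_SSDEEP, threshold=90):
    """Return (name_a, name_b, score) for every pair scoring at or above threshold."""
    names = sorted(signatures)
    hits = []
    for i, n1 in enumerate(names):
        for n2 in names[i + 1:]:
            score = compare(signatures[n1], signatures[n2])
            if score >= threshold:
                hits.append((n1, n2, score))
    return hits


if __name__ == "__main__":
    for n1, n2, score in cluster():
        print(f"{score:3d}  {n1}  <->  {n2}")
```

Run as a script it lists the six pairings among the four 100KB samples, each scoring 97 under this implementation. Signatures whose block sizes are neither equal nor a factor of two apart (for example 1536 against the 96 of index.jvh) score 0 without any string comparison, so fuzzy hashes only say something about files of roughly comparable size; the 1KB BidvestBank-* targets list no ssdeep at all on this page and cannot be placed by this method.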

MITRE ATT&CK Enterprise v15

Tasks

  Task           Tags        Score
  static1        sliver      10/10
  behavioral1                1/10
  behavioral2                1/10
  behavioral3                1/10
  behavioral4                1/10
  behavioral5                1/10
  behavioral6                1/10
  behavioral7                1/10
  behavioral8                1/10
  behavioral9                1/10
  behavioral10               1/10
  behavioral11               1/10
  behavioral12               1/10
  behavioral13               1/10
  behavioral14               1/10
  behavioral15               1/10
  behavioral16               1/10
  behavioral17               1/10
  behavioral18               1/10
  behavioral19               1/10
  behavioral20               1/10
  behavioral21   discovery   3/10
  behavioral22   discovery   3/10
  behavioral23               1/10
  behavioral24               1/10
  behavioral25               1/10
  behavioral26               1/10
  behavioral27   discovery   3/10
  behavioral28   discovery   3/10
  behavioral29   discovery   3/10
  behavioral30   discovery   3/10
  behavioral31               1/10
  behavioral32               1/10

The report's overall 10/10 comes from the static1 task's sliver family match; no behavioral task scored above 3/10, and the ones that did were tagged discovery only.