Overview
overview
10Static
static
10BidvestBan...re.exe
windows7-x64
BidvestBan...re.exe
windows10-2004-x64
BidvestBan...ed.exe
windows7-x64
BidvestBan...ed.exe
windows10-2004-x64
BidvestBan...el.exe
windows7-x64
BidvestBan...el.exe
windows10-2004-x64
BidvestBan...on.exe
windows7-x64
BidvestBan...on.exe
windows10-2004-x64
BidvestBan...re.exe
windows7-x64
BidvestBan...re.exe
windows10-2004-x64
BidvestBan...ed.exe
windows7-x64
BidvestBan...ed.exe
windows10-2004-x64
Swift-Beac...ed.exe
windows7-x64
1Swift-Beac...ed.exe
windows10-2004-x64
1Swift-Slee...ss.exe
windows7-x64
1Swift-Slee...ss.exe
windows10-2004-x64
1Swift-Stag...ed.exe
windows7-x64
1Swift-Stag...ed.exe
windows10-2004-x64
1Swift-serv...ed.exe
windows7-x64
1Swift-serv...ed.exe
windows10-2004-x64
1Swift-slee...ts.dll
windows7-x64
3Swift-slee...ts.dll
windows10-2004-x64
3demon.x64.exe
windows7-x64
1demon.x64.exe
windows10-2004-x64
1demon.x641.exe
windows7-x64
1demon.x641.exe
windows10-2004-x64
1index.html
windows7-x64
3index.html
windows10-2004-x64
3index.html
windows7-x64
3index.html
windows10-2004-x64
3swift-bypa...ts.exe
windows7-x64
1swift-bypa...ts.exe
windows10-2004-x64
1General
-
Target
16911629.zip
-
Size
11.0MB
-
Sample
241018-j7vf6awfra
-
MD5
fda726743e9e29a546c08e00bc587880
-
SHA1
da7bedaa8e8e1a020e8736eed7a18ca3f2dde5cd
-
SHA256
a76bac98d674d5501d423e9569910a732977baeb3a50f86326710fc874a66206
-
SHA512
9ddd5b3ada8e682357f07ea8b19c78731b0b46ea4a6ebb442a3a09af52803651eb527278e79a7bf060a212e54e5abe1c7b3c29734d81f8cf3ee52d3164332fc7
-
SSDEEP
196608:8NeoqtDpR7X3oGZhagctD2iypqn7jBjtNcyMATDFpqYVeFjyamthv6KFw74T5Utd:sqtHroMhJc8iZn7j9ncy3lpqYVUjmtjs
Behavioral task
behavioral1
Sample
BidvestBank-Swift--DNS-evasion-encrypted-no-cloudflare.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
BidvestBank-Swift--DNS-evasion-encrypted-no-cloudflare.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
BidvestBank-Swift-AD686-evasion-encrypted.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
BidvestBank-Swift-AD686-evasion-encrypted.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
BidvestBank-Swift-DNS-Tunnel.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
BidvestBank-Swift-DNS-Tunnel.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
BidvestBank-Swift-Manual-Evasion.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
BidvestBank-Swift-Manual-Evasion.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
BidvestBank-Swift-evasion-encrypted-no-cloudflare.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
BidvestBank-Swift-evasion-encrypted-no-cloudflare.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
BidvestBank-Swift-ssh-evasion-encrypted.exe
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
BidvestBank-Swift-ssh-evasion-encrypted.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
Swift-Beacon-Encrypted.exe
Resource
win7-20240729-en
Behavioral task
behavioral14
Sample
Swift-Beacon-Encrypted.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
Swift-Sleep-bypass.exe
Resource
win7-20241010-en
Behavioral task
behavioral16
Sample
Swift-Sleep-bypass.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
Swift-Stage1-Obfuscated.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
Swift-Stage1-Obfuscated.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
Swift-service-encrypted-obuscated.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
Swift-service-encrypted-obuscated.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
Swift-sleep10-jitter-50-amsiPatch-Breakpoints.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
Swift-sleep10-jitter-50-amsiPatch-Breakpoints.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
demon.x64.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
demon.x64.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
demon.x641.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
demon.x641.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
index.html
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
index.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
index.html
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
index.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
swift-bypass-breakpoints.exe
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
swift-bypass-breakpoints.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
BidvestBank-Swift--DNS-evasion-encrypted-no-cloudflare.exe
-
Size
1KB
-
MD5
e1d61b6f2ead585a67f2a3bbf51fe5f8
-
SHA1
325cbdc894b044e21bb409cbccb602d92ff9fcc0
-
SHA256
3cedcfd685fc0372bc6624670a3c830201485b2b9944e35d53e182fcfe6dc01e
-
SHA512
8495587cf0af9ef4c185606b5e7fc6916acd0651034bbed4dc6638b9915c40190ad30f074e6a42c6b929f70a526697d7b72a37647f9c1a341b1b6c10922f819e
Score1/10 -
-
-
Target
BidvestBank-Swift-AD686-evasion-encrypted.exe
-
Size
1KB
-
MD5
c113b57ff3e09b4296ebbd85bc8dd73e
-
SHA1
d4410746690798c159eb84ddd43fb8c4898437fc
-
SHA256
5f04f6ec0a23d4c53fed030f87d7bccc034a7cc1fe14ce0c83f3856d0309be72
-
SHA512
5c3e4a7cbdfc18407dae7dae151430e78e87e0fbd962bd45fa9b610edb2eb54a0145153539713548bb9c7005418171c0ea2010d5f8efc40648c575b13d512384
Score1/10 -
-
-
Target
BidvestBank-Swift-DNS-Tunnel.exe
-
Size
1KB
-
MD5
6d513ae9921118a00216b18ef1f00c60
-
SHA1
da339b2d489e9cc1329ca5d637f184aff19c5163
-
SHA256
ee5094722b75240eadf7a89add82487769307a1a7e5b8a14fb3ce854d5974e16
-
SHA512
55620c10c488146786924330a81d964cd0d18f244557f11e91f7ec39f9b96c22eaaa8024796e7a0bcc9955c70d8ab1767b135edc3c4809067cd5cf226bfd8b77
Score1/10 -
-
-
Target
BidvestBank-Swift-Manual-Evasion.exe
-
Size
1KB
-
MD5
240cd57c3c56ad058fd637dd1f024a23
-
SHA1
a759e7e14912e9594cc53a9eb51cc4b20d2580d2
-
SHA256
f406bfe6bc650c8c967654fd4d73589e4406ed2cafbba3724181d904f1ac30ee
-
SHA512
97f4cae9ebe6029b4977901218e7bbe439c9a405a4ffb8c325f0e209ca5c1e44ed0b7b9decb5f3103e43a19f35a7c09bf73bee9c0af5de44b5b5769be805c841
Score1/10 -
-
-
Target
BidvestBank-Swift-evasion-encrypted-no-cloudflare.exe
-
Size
1KB
-
MD5
f02500ff3ffe88a71041133bb3785b69
-
SHA1
bc9488d359809cb6e7aa6530a6aea869028b2649
-
SHA256
a3317022d4230fd50b88562b7e92c8006a8f78d4f1436f296e0aaac126aed834
-
SHA512
753fe662db9b884ea58a2cc8b5aac950cd2d12eee585c92dc93122fc8b1554b8ffbf58a780769198a27cd6cf2f3f8ef2d9f88506cd491746bc53041446d9e9e4
Score1/10 -
-
-
Target
BidvestBank-Swift-ssh-evasion-encrypted.exe
-
Size
1KB
-
MD5
3061b64994fa1e01b42b2400aa8ee289
-
SHA1
c3bf84a2ad6ce337ee7a97e582e7e23019970c89
-
SHA256
fc6986a8b877eb38d882e3fe96b6edcd6c357d611b76f4cfc6873e272acc293a
-
SHA512
935fca51adb2af0c327abe02dfd5d5fe9ae955bbf13dcc5a580ca535c47c7f57f44d507337e680be61bad4eb25f2ce986de692e49182073c41956b24fc870e7d
Score1/10 -
-
-
Target
Swift-Beacon-Encrypted.exe
-
Size
15.0MB
-
MD5
f6c13f50e458190d3058984b766954dc
-
SHA1
39a727e1a25583ab5e5b94daf3b58e7ab3068ea0
-
SHA256
cdaf492c993c9e64b6d299496bd57d52ddd362a32cff1dd9576bb07a6950edfe
-
SHA512
f3add75f077e36f353a7e61e5e06d81c78394c322c2932e1f9442f89169c57d71cbdb1f264df5a5f682bee2c7474925eafe24f95e50885b69b88a039a89b321b
-
SSDEEP
98304:S3rqQkYrlnKkmDqkvVRvs05Ovxn1ZMAY3xE1feYe35:CrqxkmDqCPvs05OV1ZMAY3S1Ru5
Score1/10 -
-
-
Target
Swift-Sleep-bypass.exe
-
Size
100KB
-
MD5
7a8f8e764dc64d0ee5faed04014d1794
-
SHA1
3bd240c7bd0384e6ddd6dbec2781cab56382001d
-
SHA256
c1a79af2db1fd681a749a3c496c0d40b6f493b8cef94baefcfe7d3522eceedea
-
SHA512
bd5af0cbdd6a4cd11eb23c821a5c6b7f28f3f110c5098b04f23c1e4baba0d7ac204da272793c43175a52106716034ffe7f9f4bc9a15ba8cd589cd6658f943b90
-
SSDEEP
1536:4E+YqDg5t/yMYBYKDQ0H1xOksEQT4bpMBRVMAyXcFoFOZx:EFGt/yMTI91xOkKpMAyXzOZx
Score1/10 -
-
-
Target
Swift-Stage1-Obfuscated.exe
-
Size
14.9MB
-
MD5
0444eb9fbbf0d5ee3718acafd88e0843
-
SHA1
7f4d40eee7d5db0605333f5c903afc8f2a047fcc
-
SHA256
a3ae935dad0de2657b032a70d1908f622b3cf54fc53f01a69d5f086e21ad4d9a
-
SHA512
f1dafc1e0a19ea13433253ecba16c6171e61c51c86585c6a2c14fa5b7be84e61f7afe91819763178928e1437ca7fc86715da3cea0dc9dd86617687fce7e2d5a5
-
SSDEEP
98304:c3UXpov5aERAzq5km7dLb5isMTLr85uuUfQOEXymdY+DiG:sUXpQn/iswLr859Ufs7MG
Score1/10 -
-
-
Target
Swift-service-encrypted-obuscated.exe
-
Size
111KB
-
MD5
34aa449b4fb52742bc830e10b7efe47b
-
SHA1
2c8080fa6a48a92df1eae081a4fab3bd6fc949a2
-
SHA256
a87ec35ffa4d698eddfe69cea22dccba56afe78fbd34529672d3eedc98b84350
-
SHA512
09e3ef2055cbc19e9c2fba53d5d01d2f842f825f4c6e9dd5a7965bb042f25fe850c1207c149ab1635603b1452f6ea949cee29a2ba617bda37e34e06612a80450
-
SSDEEP
1536:DvJpJxKKiqPCeSKgfQCYwTdeKihaXuxxOBxgbU7BSZXcDJnX2kd7:lE/eC/KgfQCDAhaXus+cDJX2kd7
Score1/10 -
-
-
Target
Swift-sleep10-jitter-50-amsiPatch-Breakpoints.dll
-
Size
95KB
-
MD5
68ab6bcbb50fb8f895e92f8c00e350ff
-
SHA1
127adb4b8367aa3f37aaf3ed72cfe79690170023
-
SHA256
e72717c3598893ddb4444f71747b3010171ed14737d63d043ecf9ec7844fd5a5
-
SHA512
cfca9a672e20c1e644681a8e222c7b2f4fb0324139f3bebf17daa88b187b7cac773f2c666797e87b4c5cb85cf282dc669d99507ca370bb6cceebb4ac3b701b00
-
SSDEEP
1536:evuO66CQjyU5vgRGHegBARoU9d8jeD+F7n5ULKwJFtwMciaGYOI3lRdgf:evuF6CQ2OgM+e9cCyD+Fj5UL/JjBaGYy
Score3/10 -
-
-
Target
demon.x64.exe
-
Size
100KB
-
MD5
806425052861a58f462b8e18b7502ae6
-
SHA1
5420baed36ecfb3df7727effddcff30723e1cd86
-
SHA256
db58a931d38306d3925aba738425200f14fc3e93054f5f3e3fdea3813c23e366
-
SHA512
6ea49ba15d438e5f7286637eb21f71ed22fc8ba9a2638bac740f59d4a17d2ad3c0ef4821a14fe628285c7327c26f86656ebb7e54b241892e634e1745a3658018
-
SSDEEP
1536:pE+YqDg5t/yMYBYKDQ0H1xOksEQT4bpMBRVMAyXcFoFOPx:7FGt/yMTI91xOkKpMAyXzOPx
Score1/10 -
-
-
Target
demon.x641.exe
-
Size
100KB
-
MD5
c2649b34f50484344a60cee642baa697
-
SHA1
950653e79ac2fa2d10fcd31a7dd973d02896419e
-
SHA256
b646ecc8fbd94b4b583cc46ed8443bf2e6596095ff087a5591abf0f9fb1b6fb3
-
SHA512
1c37cbf7c2a8fc8e1bcf6caf1c9241c39645ee71c55c005d4ff29f349aca2e35a35bdb47ef0a092a15c97416886eb06401a871d3940bb8eec7021d43ff3dd3be
-
SSDEEP
1536:uE+YqDg5t/yMYBYKDQ0H1xOksEQT4bpMBRVMAyXcFoFOUx:aFGt/yMTI91xOkKpMAyXzOUx
Score1/10 -
-
-
Target
index.bak
-
Size
3KB
-
MD5
e9c0e5414b847b8e3706709cfefd0e43
-
SHA1
882484283af5fabab3527c6c549129b847b86e85
-
SHA256
c44a16ab709f1eb785eab59e792329f774975ffeb5ce123148a5e55c634b8269
-
SHA512
d2cd992f5f6897f25e2e488633e528497a88194218acab69a9c01d62459bfa61b8746f070edf13549e6f0299736885ef86ac59351256d0491ed7c0eee005b2b8
Score3/10 -
-
-
Target
index.jvh
-
Size
4KB
-
MD5
5ddae141accb377a8e93b1cd3336d683
-
SHA1
764a599646237bcf8a252a389042ed2b9dcaada5
-
SHA256
1e3956c57206e1bb9bab9d8559456e8f0779cba7d9908ef37f5fd5c07c1d2b21
-
SHA512
eb9b9723454beffac57c325a120487e08060797db33aaacb1f654160a90beb939daecbe44506d72ba77d5494748821f24d175d14d5a4772fdbf36e2767acd092
-
SSDEEP
96:ZznRJ/ZlS7LlHJlOtY8Fi0R91FJS8d7M++3td5H5Csgfn:ZbRJ/PS7LhJQa8Fi0R91FJSkRAL5Csgf
Score3/10 -
-
-
Target
swift-bypass-breakpoints.exe
-
Size
100KB
-
MD5
20c633524cd5febea9dc735458b4c382
-
SHA1
fb4580589ae597b7d0ed7ac64cac765ccef1fd28
-
SHA256
12d1b3cfd5b410cc39cd4b74a699c4d31846f551fae776a542f4d26d45c61808
-
SHA512
c460198d73d691668c0b64ff974e8bfc7305ca038cdf549918088711d086bb7686577106c1ffae863125c4dc80e23e494e224e2db522dd54cfaf9c723fad5fc7
-
SSDEEP
1536:3E+YqDg5t/yMYBYKDQ0H1xOksEQT4bpMBRVMAyXcFoFOpx:BFGt/yMTI91xOkKpMAyXzOpx
Score1/10 -