TWO BYTES TO $951M

2016-04-25 BAE Systems

http://baesystemsai.blogspot.kr/2016/04/two-bytes-to-951m.html


BAE Systems analyzed custom malware linked to the Bangladesh Bank SWIFT heist, in which attackers attempted transfers totalling $951 million and $81 million remains unaccounted for. The malware was built for an environment running SWIFT Alliance Access with an Oracle database: it registered itself as a service and parsed local SWIFT FIN messages looking for attacker-defined transaction strings. It patched a SWIFT Alliance module in memory, changing two bytes to bypass a conditional authorization check, and then generated SQL statements to delete transaction records and manipulate balance-reporting data in order to hide the fraudulent transfers. The tooling also used an encrypted configuration file, local logging paths, and command-and-control callbacks tied to SWIFT login and logout events, which together show detailed knowledge of the victim's payment infrastructure.
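The in-memory patch described above is the kind of change a defender can catch by comparing a loaded module's code section against the same bytes from the file on disk. The following is an added example, not BAE Systems' code or anything from the original report: it diffs two same-sized byte buffers, reports each differing run, and flags the specific pattern of a two-byte short conditional jump (opcode 0x70 to 0x7F plus an 8-bit displacement) overwritten with two NOPs, which removes a branch without disturbing instruction alignment. The byte buffers, offsets and opcodes are constructed for illustration and are not taken from the real SWIFT Alliance module.

```python
"""Detect a two-byte in-memory branch patch by diffing code sections.

Added example. REFERENCE_TEXT and PATCHED_TEXT are constructed x86 byte
strings, not bytes from any real module: the reference is
  push ebp; mov ebp,esp; cmp eax,ecx; jnz +4; xor eax,eax; jmp +5;
  mov eax,1; pop ebp; ret
and the "live" copy has the jnz (75 04) replaced by nop nop (90 90),
so the function no longer returns 0 on the failing comparison.
"""
from dataclasses import dataclass
from typing import List

REFERENCE_TEXT = bytes.fromhex("558bec3bc1750433c0eb05b8010000005dc3")  # constructed
PATCHED_TEXT = bytes.fromhex("558bec3bc1909033c0eb05b8010000005dc3")    # constructed


@dataclass
class Patch:
    """One contiguous run of bytes that differs between disk and memory."""
    offset: int
    original: bytes
    patched: bytes

    @property
    def is_nopped_jcc(self) -> bool:
        """True when a short conditional jump (Jcc rel8) became NOP NOP."""
        return (
            len(self.original) == 2
            and 0x70 <= self.original[0] <= 0x7F
            and self.patched == b"\x90\x90"
        )


def diff_code(reference: bytes, live: bytes) -> List[Patch]:
    """Return every contiguous run where `live` differs from `reference`.

    Both buffers must be the same size (the same section, same base). A
    patch that happens to leave one byte unchanged in its middle will be
    reported as two runs; callers that care can merge runs separated by a
    one-byte gap.
    """
    if len(reference) != len(live):
        raise ValueError("section sizes differ; compare same-sized mappings")
    patches: List[Patch] = []
    i, n = 0, len(reference)
    while i < n:
        if reference[i] == live[i]:
            i += 1
            continue
        start = i
        while i < n and reference[i] != live[i]:
            i += 1
        patches.append(Patch(start, reference[start:i], live[start:i]))
    return patches


def suspicious_patches(reference: bytes, live: bytes) -> List[Patch]:
    """Diff the buffers and keep only NOPped conditional jumps."""
    return [p for p in diff_code(reference, live) if p.is_nopped_jcc]


def report(reference: bytes, live: bytes) -> List[str]:
    """Human-readable lines for every differing run, flagging NOPped Jcc."""
    lines = []
    for p in diff_code(reference, live):
        flag = "  <-- conditional jump replaced by NOPs" if p.is_nopped_jcc else ""
        lines.append(
            f"+0x{p.offset:04x}: {p.original.hex()} -> {p.patched.hex()}{flag}"
        )
    return lines


if __name__ == "__main__":
    for line in report(REFERENCE_TEXT, PATCHED_TEXT):
        print(line)
```

On a live Windows host the `live` buffer would come from reading the module's code section out of the target process and `reference` from the same section of the file on disk after applying base relocations to the load address; without that step every relocated absolute address shows up as a false positive, so either relocate the reference first or skip offsets listed in the relocation table. A two-byte run inside a function that gates authorization, as reported here, is exactly the signal this kind of check is meant to raise.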

Indicators of Compromise

Type   Value                               First Seen   Last Seen
IPv4   196.202.103.174                     2016-04-25   2016-08-25
HASH   76bab478dcc70f979ce62cd306e9ba5…    2016-04-25   2016-04-25
HASH   525a8e3ae4e3df8c9c61f2a49e38541…    2016-04-25   2016-04-25
HASH   70bf16597e375ad691f2c1efa194dbe…    2016-04-25   2016-04-25
HASH   6207b92842b28a438330a2bf0ee8dca…    2016-04-25   2016-04-25
