General

  • Target

    HSBC_banking_Advice_pdf.exe

  • Size

    949KB

  • Sample

    201205-n4d4at5azj

  • MD5

    44471d960821c049852bd8bddadfc4a4

  • SHA1

    4da7b28a0305133f5a43f9840270cf48285abe77

  • SHA256

    1c7ea067e8315ff74c2cb39781a2b444a462342b1f44ef9c6b300f5217cc0ffe

  • SHA512

    57c792c52e05fbb6b69300bbff001447f5b6811496769f550432b1f985f8e9f6948de9e09d58ddcc17d7fe6e4b2b57af8d4988cc743a99bc7da0f04cb2b0dc2e

Score
7/10

Malware Config

Targets

    • Target

      HSBC_banking_Advice_pdf.exe

    • Size

      949KB

    • MD5

      44471d960821c049852bd8bddadfc4a4

    • SHA1

      4da7b28a0305133f5a43f9840270cf48285abe77

    • SHA256

      1c7ea067e8315ff74c2cb39781a2b444a462342b1f44ef9c6b300f5217cc0ffe

    • SHA512

      57c792c52e05fbb6b69300bbff001447f5b6811496769f550432b1f985f8e9f6948de9e09d58ddcc17d7fe6e4b2b57af8d4988cc743a99bc7da0f04cb2b0dc2e

    Score
    7/10
    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic               | Technique              | # | ID
    ---------------------|------------------------|---|------
    Execution            | Scheduled Task         | 1 | T1053
    Persistence          | Scheduled Task         | 1 | T1053
    Privilege Escalation | Scheduled Task         | 1 | T1053
    Credential Access    | Credentials in Files   | 2 | T1081
    Collection           | Data from Local System | 2 | T1005

Tasks