Overview

overview

10

Static

static

1

HSBC Payme...ce.exe

windows7-x64

7

HSBC Payme...ce.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    HSBC Payment Advice.img

  • Size

    1.2MB

  • Sample

    230213-ce5cbshd9y

  • MD5

    31888a77763a2af6f9939636835de110

  • SHA1

    8895383f00951e7d27213ec683cd6ac4a48ab801

  • SHA256

    0c2eca721aa2dae3339e30b491e04817384879754f02913a72acd0af6d7e1129

  • SHA512

    da4544cf46335a4019ee7cdaf07c79e51ad7b6273dbad2999d703d152705b3d3d2d3102babdb72819f1769aff194a71e8b1143fc327ca431346e3ef40efe2575

  • SSDEEP

    6144:jyIB9qSljbH5svbNAvVgVX1U8faOsrX6Oc/XR6jbUaEgKLC2K:X9BOvy4UqaOsrE/BObGT

Score
10/10
guloaderdiscoverydownloader

Malware Config

Targets

    • Target

      HSBC Payment Advice.com

    • Size

      338KB

    • MD5

      2b97bba2c3586f53239de1202dd5a589

    • SHA1

      18fd9d9b2992399b87b23ab66b711301ba38f693

    • SHA256

      91c2e0730c8d4f84cd8095c2b21ab42046d6248ca1b068afc02cf41769b5dfda

    • SHA512

      be8d4afcfeb79d4fc93577dec0bd174864da91b23ffdfcd04ed2ba494a04507f809ae94f90b43b040cad5e6a84f0bc1b522edb9b18aeaf1db73d6992928d53fe

    • SSDEEP

      6144:/yIB9qSljbH5svbNAvVgVX1U8faOsrX6Oc/XR6jbUaEgKLC2K4:79BOvy4UqaOsrE/BObGT5

    Score
    10/10
    discoveryguloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks