General

  • Target

    HSBC-00923.exe

  • Size

    1.1MB

  • Sample

    230726-l1nfdaag54

  • MD5

    30bf5cc67dfdab0d061e4a94e382c1d6

  • SHA1

    60ba01b86a1df951d9ae1dac19493337b185176b

  • SHA256

    c96d918fa251f8c7aa3a3ce7dcecc7ee9f2841254a32815812cefc6fe83e101f

  • SHA512

    e3e3110a6af185def4228e99d2e7ba38a20faea686025da5ae3746afbb6f3c94ee73a0bf319ce09856c4e091f0ba8b79fc07e6a22a6a0faf53d0ad3925793c9e

  • SSDEEP

    24576:GrarisNNgjIzBApx/Wg1M88dF0h8tlBnE:Grarislax/Wg1MjF0qtl1E

Score
10/10

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext
