General

  • Target

    HSBC_UKToolv1.0.0.6.exe

  • Size

    3.5MB

  • Sample

    240529-tlmjjaca56

  • MD5

    7b7702067e951bd5efd6930025432c64

  • SHA1

    dc9130c769472eeadeac380c0fc40029d2e8e295

  • SHA256

    55453f794fbc569bf4afdf593aa27ff863bf1e1c67c7ccb5eb7bf48f29ff0de4

  • SHA512

    7c107885607c73121f1dfc6ab3f7f6c3e2c21264229eb9b3551fc9bb5e6bf830d4fd072ba900ab039715e99afc50d79ce6812c646ca4531f88fdbfe07e3930f7

  • SSDEEP

    98304:8XBnHfsvIWrreL4Zld+oyjgCCPMBHyiciqK8DWoYoA2e:SnEbe0MjgCCPMBSictGQe

Targets

    • Target

      HSBC_UKToolv1.0.0.6.exe

    Score
    4/10
    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      09d8971beefefffd710030dd167a99e0

    • SHA1

      a0117786ad77213f3eb48cfdc3819786cb796b7d

    • SHA256

      caf64a4e9449220ba618a9aa2ae4ed3774c5d0f193bda44be22676c27ae0ec95

    • SHA512

      3956f0c6bcdf033e4a10ab33872a66e0668da28ec31cb7a2c67ef7266d7c0845998a2a85a6cc25aba1df73909df8104119cf5f1f86c1e91f8fd201765aea49f0

    • SSDEEP

      384:EhC43tPegZ3eBaRwCPOYY7nNYXC8/Yosa:EoTgZ3eBTCmrnNAI

    Score
    3/10
    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      4KB

    • MD5

      c1e153f9fa1001eb9fb34bbc4a3f3927

    • SHA1

      dfca2dcce9b0486114692a23776191627b0c9839

    • SHA256

      e594544cc4b4a0a5439a2b9a79db14e580d815c87e353781c47d4eab5e313b8e

    • SHA512

      d2a7c2853b56f60f710dcea27c346dbd22593c98e5c000c22650613851f26e505b12260bcfc050473e97c2796a91c94a3c201785dad4d95de0b4e2de35c3a41f

    • SSDEEP

      48:C4ojqpOxUcbslAR1k5eKv8rbvHMgiqCmZuwJQ7TLSMXaIYatzbgAa4l5YAZ:SEeFslARoeK8rDHMgTCmj/MqoRb+4l

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      8cf2ac271d7679b1d68eefc1ae0c5618

    • SHA1

      7cc1caaa747ee16dc894a600a4256f64fa65a9b8

    • SHA256

      6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

    • SHA512

      ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

    • SSDEEP

      192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL

    Score
    3/10
    • Target

      $PLUGINSDIR/ioSpecial.ini

    • Size

      211B

    • MD5

      e2d5070bc28db1ac745613689ff86067

    • SHA1

      282e080b4cf847174c5c11e4f9157b8c338ecb19

    • SHA256

      d95aed234f932a1c48a2b1b0d98c60ca31f962310c03158e2884ab4ddd3ea1e0

    • SHA512

      a50ca2014869629135b54e848f03cb4983ad8029cd811300d02b0fc54de0436185f418fea4d3db888eb0f3170e33a59d486aa885f024ab29e630e9bc0ae1a2de

    Score
    1/10
    • Target

      $PLUGINSDIR/modern-wizard.bmp

    • Size

      25KB

    • MD5

      cbe40fd2b1ec96daedc65da172d90022

    • SHA1

      366c216220aa4329dff6c485fd0e9b0f4f0a7944

    • SHA256

      3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

    • SHA512

      62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

    • SSDEEP

      24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz

    Score
    4/10
    • Target

      $SYSDIR/CFCA_HSBC_CSP.dll

    • Size

      186KB

    • MD5

      3381efa4d0deaf0722439c0abd15f35f

    • SHA1

      46bbc73777b4954749055c6c7a534cf8f0422556

    • SHA256

      d9ecbdc7e2e31764549f5b7a5e8dce46cdfd6dd0664d491ec7203ba5253f610c

    • SHA512

      eb560a40f589aec56cf2acb8229ba12c4a41dd5b835b0f79c5b583d28e6939751d544cb99bf7aa733cca269097123f05072a6eadadee0e490e4cb98de0a486d5

    • SSDEEP

      3072:1rWstMq2tqGBM2I24tZGFruup43qWWbuPcRvYwgUBF+0:lWstN2S2p4tIFrmqWWbbRv3k0

    Score
    3/10
    • Target

      $SYSDIR/CFCA_HSBC_GMAPI.dll

    • Size

      157KB

    • MD5

      c29ac30451c9ebfdd175db086c8d82e2

    • SHA1

      cbb269459f244425fd6ec1db8088a267446433af

    • SHA256

      5ba4585be6c8c895d9a66f21693682dd3b58279ef0cdf1479b841a12f96114f3

    • SHA512

      9c5ed13dacfea957bdbe7473af071394d0c98daec0012027ba5c779f4577923ed76a0b3b0a57432be4e8102cf9d344a03cc4bd933d04bd281a4f22e4d0014406

    • SSDEEP

      3072:dViHRlJrLeFRKMdHtpBVwMKeyIQXYMAqHROUPUYYEFuUCiWiHxzi:eHRlJriFHdHtpBVwMKeyIQXYKHROM3RW

    Score
    1/10
    • Target

      $SYSDIR/CFCA_HSBC_LIB.dll

    • Size

      257KB

    • MD5

      562ec71ced3842116f7addb2d78cdc4e

    • SHA1

      e34b01795e025d6e83a82a805e5d2ab6d0022c2d

    • SHA256

      58fa342fb8aa5b4dd6c70e7ac6be69fd892fbfb6dff7dc499fec9b0fad8fe00e

    • SHA512

      354ab59d0eda6fbbc05989f4eb114f2877a3f27ac7f72a614ae3d2a06b2368d244528e71f376862e6ecf6f0b272a454cc9228c74c81dd2108a30ba993c144508

    • SSDEEP

      6144:91mvTKTVTFHqt0XsjSeSt9wYlFvDeKW1FdI5MZ:91YGxJ7cBSvDejFdr

    Score
    3/10
    • Target

      $SYSDIR/CFCA_HSBC_P11.dll

    • Size

      184KB

    • MD5

      7cda3a6e91e46cf2b04e60a72590b452

    • SHA1

      ee82fb11e5c1b2c6df2e03452e699188175c0af1

    • SHA256

      61c93b350f48896aca966524a7196db119fd188a107796221a4f54f723df7a22

    • SHA512

      828b321b86dd42e5e96279c0418ed78b59f7405e26600fb0b1ef4cad2cbce1efea185e004de724e6f21b24ee98c0e79e0978987f9c048e28dd29fab3678a0030

    • SSDEEP

      3072:6n2X+D4hYEyWf+e+kd8jPW/imWrb0fVJVRDHJUvUldz:3YEyvyAPW/ArCVRdfz

    Score
    1/10
    • Target

      $SYSDIR/CFCA_HSBC_SRV.exe

    • Size

      69KB

    • MD5

      eb168e545f4f09125c9b2537141b2131

    • SHA1

      224a30956a26b35395f238d7c3692032d00e023e

    • SHA256

      07d989855f4dd8bfd5e4e1d2a3cdea3696957fbe0f202ab699c9ea7294cffbfc

    • SHA512

      a10bc667b69f0dde67da8cc2277688cd36cc659b0ceeb26c9c24934a8cc5454044ba0a2c07b593ce4428b6ce1fafe5b37e20c6577451f657810e6372f7dbc530

    • SSDEEP

      1536:h6vawbAZwTqawgKCMw4XeXgLmquIT2lCHoR4M70V3hFw:hxwcGT18LeYuITACH+oxw

    Score
    1/10
    • Target

      $SYSDIR/CFCA_HSBC_scsp.dll

    • Size

      45KB

    • MD5

      59671bf95699f5fd4ad23e6da2bd6284

    • SHA1

      d50f9d1cdbaacabb86fb6106e98fff084e9ca9f5

    • SHA256

      011523f383fe08bcd5a07307fc76cb644d6d7e955a88fdea02473a7591858386

    • SHA512

      b7abb03eb4c2b395fc48679421668cf9ddd164c3b23d641b8631a97df0031133b5d8ea2102efdc0e07b881ebfe1668c0c4a3102ab6897e56ba734306ab01ecbc

    • SSDEEP

      768:3Ai/JwobqOtAHbhgSFmXEI1iogdq0S01/2o+6JKKFx:wK+mLBJ1iDduaJp

    Score
    1/10
    • Target

      $SYSDIR/CFCA_HSBC_scsp.sig

    • Size

      136B

    • MD5

      4f9b21ed006ad3eb4963bdaf16fee87f

    • SHA1

      a38a0ab75845a1fcef9692d3a8e746613bdca9c9

    • SHA256

      81994e5295f30965a669078a3ff371e848f3d51eb788d7ede8c0d0db10051d19

    • SHA512

      2d37303d0fbb80962f5e62924d8460ed6c2c13ad753b119653734ddcf4d130f6946acce64ae2de5f812f4e1e91d71d60b0b051ba0d02c6c215ee9583a6bb7ed9

    Score
    3/10
    • Target

      $SYSDIR/CryptoKit.HSBC.exe

    • Size

      4.5MB

    • MD5

      88b6ed048456d41f4f9bdcebc69fdc04

    • SHA1

      05a0347a4abc84ec871932d6e9f8c59c4e206cc3

    • SHA256

      ab6068524bed05e25cfb24987d3c29f833ebe684e3072458ea25a0c826441314

    • SHA512

      9cd9e45f73427da24297a19aa4a4d5e4b7b928868879babd1e3b9a424ce0ff4cb23201e777b142d651c5a044364bb625badd546c55973ecc7c7a4538a0cabe08

    • SSDEEP

      98304:2Kr0mQVOjfSxgHtQBFZdG/Cgem9fy2vUIBjSj3btptYSSxIaGN:2Kr0mqHgHD7eYfy2vUcE3bt0InN

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      959ea64598b9a3e494c00e8fa793be7e

    • SHA1

      40f284a3b92c2f04b1038def79579d4b3d066ee0

    • SHA256

      03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

    • SHA512

      5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

    • SSDEEP

      192:sRer7uivwq1XpKs4FVWSjMd8tIg2cREbyCsZ8q2R4Sy+Xe:s67Xws4FVWig86/5eCBqSy+Xe

    Score
    3/10
    • Target

      $SYSDIR/CryptoKit.HSBC.x64.dll

    • Size

      1.3MB

    • MD5

      510f6561ce51936a460d7ccc2c04010c

    • SHA1

      a1078a52039a14dbe476f67dfcae77c09f9339b4

    • SHA256

      e00eba22c4ca5e9fadcd2ddd561b0cf9f9eb8ae7bac619777fc527354b10e016

    • SHA512

      e700651aa50a9b00ef38ad2c5f74e220aa39f91708163844f94a109d0d4a7194ef7c093da416412c1b54fa7d22a3cf0cb97dd41f0002ca29005945a55d5d0bfc

    • SSDEEP

      24576:IcdjuFD3DgfGCNSi4Q/HFFlCzqpD2iUl6ZBXi:Ic1uFbDgfGCN5V5VUl6Di

    Score
    7/10
    • Target

      $SYSDIR/CryptoKit.HSBC.x86.dll

    • Size

      1.0MB

    • MD5

      d6093ec468e383c616154ec1c92e3f53

    • SHA1

      9dd2406105c67f86085c9a82475c1e903690dc81

    • SHA256

      fa69867c017873a36f500ff84dddde62439e3960dfae7d30b4038a4b56e834b2

    • SHA512

      10ab0650d7e8e294cb6d4b7a7ff3e6e2ea4f1893be32eb00bd5db4bee0b2e6b51dab50e0f66500bf5602f1eec3abc236b3492cec97afa67470928d6260676e89

    • SSDEEP

      24576:59imEEBDlFxRvhxB3srzAzj2ByAEmXsa+:59ijgfHBGzs2oAEosj

    Score
    1/10
    • Target

      $SYSDIR/npCryptoKit.HSBC.x86.dll

    • Size

      1.1MB

    • MD5

      48eb627ddb83642dd4848e2c08d68d80

    • SHA1

      1f9ec3811f68f65c17719cf5ccb2a81a38672fc1

    • SHA256

      5a52680b20a7b2ca26383f83ad4285b9f236f765cfcdcdb0f11a8ee14696d3a9

    • SHA512

      a1a8fc58c7633f7d868863827e34d1d15bf04e62cd166f91c89e23db463b90c3264474d57cac28b387113505c1925e8d5d3ed51bada307bedb4b3a107790d07e

    • SSDEEP

      24576:ggIUf+v7BrAPaOLnc5xaVlanYJofo2XLk:UISO4mlRJmoYLk

    Score
    3/10
    • Target

      CryptoKitHost.HSBC.x86.exe

    • Size

      1.0MB

    • MD5

      9df83d1d074bcc9461f8d59d906a4e1e

    • SHA1

      d539a8831218654d5cf409d04954d3add6bd029b

    • SHA256

      5c7b30e459b57ed325a35fd23389d1086390efe7dbc5cd7b009d6ce287f9f2c5

    • SHA512

      8e276526d7be9ec13a0445a5ef4a30ad66c687664eaf9265d0ccfa1f7b28550530c2c5e6b604a7e00356c0adda575131890bcf21c7dc150b952783204369ece8

    • SSDEEP

      24576:OgctMhz7gC5nbgVaMhxWbPXqh0iL5XTLbvtO:+t0EugfHWTXqnLxLbI

    Score
    1/10
    • Target

      com.cfca.CryptoKitHost.HSBC-firefox.json

    • Size

      208B

    • MD5

      23717c4721cfbb1eea7bf90f4e6d6e8d

    • SHA1

      24d950a53f38324491ebb2af8ed6e154120f97c4

    • SHA256

      bb97f8e717d4d93e179c21e95adfe4246961484b278b306bba39552857027c80

    • SHA512

      7da2dbe9cc35968e7aed16a7efcd4bf6b7a7ecdd7af2af8c0c4a9951bb4caeada6646096178d29f22eaf3ff5fa0ae442e15b5a05930dadd3c178de943d3b51ac

    Score
    3/10
    • Target

      com.cfca.CryptoKitHost.HSBC-win.json

    • Size

      473B

    • MD5

      54a783d9904e7f3ddfd20d694df0f59e

    • SHA1

      f50e8217d7e1b5929d0be9340485292de965b1f6

    • SHA256

      fb33588577ea06e32629840caa9af95cc281856a16e585c1cc4b7b6a14b978a2

    • SHA512

      a4ffa8a56c0e1e6be27d259370e1e9dcc012ea0443fcdfda57986e918c729f7b97863eb8d8e1069b59270d8464bc09adf55637ae56d2cc690dd30d75f641b90e

    Score
    3/10
    • Target

      uninst.exe.nsis

    • Size

      2.2MB

    • MD5

      cffa0d5e57c4dfb318c75df221a2a0d8

    • SHA1

      753e6952ee9022316b0ef34e8e9cb8ae930a8501

    • SHA256

      964e23a72da9c5f2ad32fb6e31517e7bb5ceab4b2e7ea711d98362aecec306e0

    • SHA512

      c4ec1acf8702ddf02fc8c4925e2fc46788419ee3d22f2039d17e5003e3532b322879b9334134ac592bee12281d0d87a0aa17311d2b6e74413f0d519f2225604d

    • SSDEEP

      49152:MQEtu40mQVZEbhqqFXF5SxgH/FQBFKedvOVFCgeT6QXkS:Wr0mQVOjfSxgHtQBFZdG/Cgem9S

    Score
    3/10
    • Target

      HSBC_UKeyTool.exe

    • Size

      223KB

    • MD5

      ba8cca1bb7a11644bd700452e4a92ddd

    • SHA1

      b8cd8668bafd14eff7abfea72a8f32dd85c8259b

    • SHA256

      24f2211816c726dec4a5b8809b7455bd34a00f4391746f7b3b7b55d13452a043

    • SHA512

      768e24bdcf90c4f7118154c823a1cd680a822c2fabb7b978747fedb4805f24bef46a3576b7b64d63b60c5167e9adfc4adede216d25ad64ee92e3696750412d98

    • SSDEEP

      6144:g1vHJZpDQ3hXEy8ER8B6yvlYGkO/eHa6BR:gjD86O8B683/36b

    Score
    1/10
