55453f794fbc569bf4afdf593aa27ff863bf1e1c67c7ccb5eb7bf48f29ff0de4

Analysis

max time kernel
402s
max time network
431s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
29/05/2024, 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HSBC_UKToolv1.0.0.6.exe
Size

3.5MB
MD5

7b7702067e951bd5efd6930025432c64
SHA1

dc9130c769472eeadeac380c0fc40029d2e8e295
SHA256

55453f794fbc569bf4afdf593aa27ff863bf1e1c67c7ccb5eb7bf48f29ff0de4
SHA512

7c107885607c73121f1dfc6ab3f7f6c3e2c21264229eb9b3551fc9bb5e6bf830d4fd072ba900ab039715e99afc50d79ce6812c646ca4531f88fdbfe07e3930f7
SSDEEP

98304:8XBnHfsvIWrreL4Zld+oyjgCCPMBHyiciqK8DWoYoA2e:SnEbe0MjgCCPMBSictGQe

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
5084	HSBC_UKToolv1.0.0.6.exe
5084	HSBC_UKToolv1.0.0.6.exe
5084	HSBC_UKToolv1.0.0.6.exe
5084	HSBC_UKToolv1.0.0.6.exe
5084	HSBC_UKToolv1.0.0.6.exe
5084	HSBC_UKToolv1.0.0.6.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\HSBC_UKToolv1.0.0.6.exe
"C:\Users\Admin\AppData\Local\Temp\HSBC_UKToolv1.0.0.6.exe"
1⤵
- Loads dropped DLL
PID:5084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsqBB72.tmp\ioSpecial.ini

Filesize
1KB

MD5
707ae0e6d1f1ff9f38a13b51f5d95838

SHA1
567fe3d03bc7709f660bf73d186d68f8b1f17458

SHA256
5821f9b97ebe7ee9ab68f01286b37f846feeb3f9141ae77ada20a6d025a45144

SHA512
b8290b49e95f15927ec56cb2a07aee9701d75a54c2246515d29d04553ba8c32147c5465f6491c4c9be579ea58004835b3b18c75bf8aa1fb3336fd04ebf5149ce

Download Submit
\Users\Admin\AppData\Local\Temp\nsqBB72.tmp\InstallOptions.dll

Filesize
15KB

MD5
09d8971beefefffd710030dd167a99e0

SHA1
a0117786ad77213f3eb48cfdc3819786cb796b7d

SHA256
caf64a4e9449220ba618a9aa2ae4ed3774c5d0f193bda44be22676c27ae0ec95

SHA512
3956f0c6bcdf033e4a10ab33872a66e0668da28ec31cb7a2c67ef7266d7c0845998a2a85a6cc25aba1df73909df8104119cf5f1f86c1e91f8fd201765aea49f0

Download Submit
\Users\Admin\AppData\Local\Temp\nsqBB72.tmp\System.dll

Filesize
12KB

MD5
8cf2ac271d7679b1d68eefc1ae0c5618

SHA1
7cc1caaa747ee16dc894a600a4256f64fa65a9b8

SHA256
6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

SHA512
ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

Download Submit
\Users\Admin\AppData\Local\Temp\nsqBB72.tmp\UserInfo.dll

Filesize
4KB

MD5
dc90f96b169dcc9151ee6e93b47446ea

SHA1
61e57bbe333a98d14f48815db7382ddbf90db642

SHA256
afc939ebfd66a6c972d2d6bbcb978559ab3427d1582935e45392f9912ef186ad

SHA512
11658c2342a2a686a012d81c602cd8e50861506dcee9d38c416bc60451cb1d7fc24e964875b8edfc22c9647f06ffe90088f83a60973eeaffa98538294af1d5ba

Download Submit