Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- found by My Online Security @dvk01uk
- https://twitter.com/dvk01uk/status/981918736729899009
- Fake HSBC “Action needed: Activity confirmation” delivers Nymaim
- https://myonlinesecurity.co.uk/fake-hsbc-action-needed-activity-confirmation-delivers-nymaim/
- https://www.hybrid-analysis.com/sample/49bdb07f05725b4de83c08c42100a5d9ce505685e5d040821de2cefe66d3fee6?environmentId=100
- terminates quickly
- ----------
- ----------
- interesting api calls
- ----------
- RPCRT4.dll RegOpenKeyExA ( HKEY_LOCAL_MACHINE, "Software\Microsoft\Rpc", 0, KEY_READ, 0x0012f574 )
- SspiCli.dll RtlInitUnicodeString ( 0x0012f4d4, "\SECURITY\LSA_AUTHENTICATION_INITIALIZED" )
- SspiCli.dll RpcBindingFromStringBindingW ( "ncalrpc:[lsasspirpc]", 0x0012f444 )
- PDB: c:\Cold\Property\Best\key\Stood\Wide\SecondEarly.pdb
Add Comment
Please, Sign In to add comment