General

  • Target

    sample14.exe

  • Size

    98KB

  • Sample

    210224-84amk4zscs

  • MD5

    bacd3059fe8dc55a8708b1ae72922906

  • SHA1

    1b864eb3ffb27ebf15a4744e5236bee7a8bdb978

  • SHA256

    00143ac9449a1f48b7919361afa3b2ca0b5e1b9d7005750bfabc795a0e8d32ed

  • SHA512

    d33e7938d98fa19325d848884d39e531a6f68136634845c0ac01abb5d2421302a22fde2188c885e883a6f8659fe3d206b25b23c4791dff8f504a2df325887b7e

Malware Config

Targets

    • Target

      sample14.exe

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder: T1060 (1)

  • Defense Evasion

    Modify Registry: T1112 (1)

Tasks