General

  • Target

    467bbac28ce941c681318755a83fd2753e7e182b0f7de1d73fa5a730e3a1d2b8

  • Size

    98KB

  • Sample

    210508-2fmjp8xbs2

  • MD5

    d655e5bcceacab0add4691f419d2cc7f

  • SHA1

    c2dfc020ce9ff1496bbfbdbe6d9ebcca1e6509b7

  • SHA256

    467bbac28ce941c681318755a83fd2753e7e182b0f7de1d73fa5a730e3a1d2b8

  • SHA512

    e133d04097c4cadacd5c5dfcd5c4b5040fb585d431aee34c69592816c3a4fd265cd7d1734ce460f69419052cb8ec6161820dbe4a3838e934fcec0aee36aeff23

Malware Config

Targets

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks