General

  • Target

    27f56fc4e195bb6fb0a392aceb0218a21d7eaecc721089234d33b3b5b0f6c8d8

  • Size

    98KB

  • Sample

    210508-j4aej8ax66

  • MD5

    b0409d46fa460781fd20c3725eb4b799

  • SHA1

    7ad7aa0c766dcf186771abdb632c1d0f259c06a0

  • SHA256

    27f56fc4e195bb6fb0a392aceb0218a21d7eaecc721089234d33b3b5b0f6c8d8

  • SHA512

    2b017756cfdf548a3e278f804a71aa63cb04e08dc5aad0d0283f73410131d6ff51c4557b68d544e54e64511e59764da89ef6fe6ce0d679fd3b38702728b775da

Malware Config

Targets

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks