General

  • Target

    ded7380f6734bcb6a67569acc96254c76a8acd38db209b8b9cfe9730940f9fe4

  • Size

    98KB

  • Sample

    210508-kyxv5rlp4x

  • MD5

    c5d1d7de55e78309930a4e436cbba881

  • SHA1

    fb9ecb7c0910f86c1677ce77684a099095b91f23

  • SHA256

    ded7380f6734bcb6a67569acc96254c76a8acd38db209b8b9cfe9730940f9fe4

  • SHA512

    c3971283eb2cf1ed4c078edb9468c480ad6ec60cf5b3fb118e30c2d0fe2f461b067fb4d60110101cf06a967ed81e1574d4a1513b7329ba05253b0bcd7f630b7a

Malware Config

Targets

    • Target

      ded7380f6734bcb6a67569acc96254c76a8acd38db209b8b9cfe9730940f9fe4

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Registry Run Keys / Startup Folder, T1060 (1)

  • Defense Evasion: Modify Registry, T1112 (1)