General

  • Target

    29403e5e30f463b0fa0046ed5640e6b1b6db42db587ce035c2cafb749d5ce055

  • Size

    98KB

  • Sample

    210508-n2b4h4hdg6

  • MD5

    fa414e2324d950d410fdfe9cbe0ff7c4

  • SHA1

    9ef48c0e41625beb4c08b8d685c56ae5cefd3b5e

  • SHA256

    29403e5e30f463b0fa0046ed5640e6b1b6db42db587ce035c2cafb749d5ce055

  • SHA512

    758f3f802828c1ff9ad2c44cf2ba83ed503b566a06e6c800db015cb6a588e3824abb32f1a8b8bf467b117563ffeea3facfeb5ed652e338542c967871d292d9f6

Malware Config

Targets

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks