General

  • Target

    73b82bf5ee75eeefd41d3873518fa24081da9570e5018fa61f1e5f91291bba9b

  • Size

    98KB

  • Sample

    210508-pkhq61mwn2

  • MD5

    cfb0c225c8c8da011cfebcc5d4572612

  • SHA1

    51e7348adf6ec378fcaaf09effda78cc32f11ff4

  • SHA256

    73b82bf5ee75eeefd41d3873518fa24081da9570e5018fa61f1e5f91291bba9b

  • SHA512

    2294e69281b5822e52c2b56b50fda51863c43426dfe2aec836281d648188a8452da3e46810fd4710803dafb21d3e1dcf4729265aa06f4a1d8eb7c05d9ebea659

Targets

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder, T1060 (1)

  • Defense Evasion

    Modify Registry, T1112 (1)
