General

  • Target

    beaeb6f3d0bcfe5a01a74cfd3b6de9836edea01c46e2d8fba9a55eb596645959

  • Size

    136KB

  • Sample

    210508-s8dyv9jvhn

  • MD5

    a3b4abc2087d56e6fd7fb3cbcd4a70f8

  • SHA1

    374218547142df2072290c5916c7e7641c9697ae

  • SHA256

    beaeb6f3d0bcfe5a01a74cfd3b6de9836edea01c46e2d8fba9a55eb596645959

  • SHA512

    d77d767ef0ef449ced7ade15d601ef73fbcdeb1cdad28a0ef8aa7e608e2e2e8597192f413abda4ab4aabe0b0ef147fd644062da831f0ce3c5499e2f4af6d47f0

Malware Config

Targets

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder: T1060 (1)

  • Defense Evasion

    Modify Registry: T1112 (1)

Tasks