General

  • Target

    5563cf4be888cc64107170aa438641a788178899ccfd8dfa67d2f26dcbf50d93

  • Size

    40KB

  • Sample

    221126-l9h71she42

  • MD5

    954f8ad69ca8a75bed96742b693824cc

  • SHA1

    63786192f352afc61dffb55db4292aede75272a8

  • SHA256

    5563cf4be888cc64107170aa438641a788178899ccfd8dfa67d2f26dcbf50d93

  • SHA512

    0dc3354e4d8a85068999f16c85bb470b9b202d151308d581a06941c245b80349501782c5e9bf90fa4c0ba417de8eeb3cf36553a0fac16404a4592bf0a6859eed

  • SSDEEP

    768:KMExD64E1ShWDVjBSx6ScioQmC0tfB/VLvGplRH5+UyeX:KxxDrE1SiVcZoQfIfBtbGpl+Fw

Targets

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
