General

  • Target: 042c42f72a01a61cc99bc220163a21ad74ac7a29ff6124b464f60f8216dfa753
  • Size: 27KB
  • Sample: 221126-l9j5bacd8v
  • MD5: 0ba6f5633f94ed72768b0b17c25dac64
  • SHA1: 2c2bcf068832ecd3f12e78bc2957f9cced506fcb
  • SHA256: 042c42f72a01a61cc99bc220163a21ad74ac7a29ff6124b464f60f8216dfa753
  • SHA512: 6590ad4fc3cc1facb45bb849eaaa0211ba6e9381355555b996fc9ad3570562e90ff4197bcaae76ff2456c7b2bcd2bb0f042a35f328ea3722a6bd9ee943de3603
  • SSDEEP: 768:FcAWxUIXF/Xr8N94i3yd2YhPnqIhXQI4AoXa/0Y7n:IxUKFm+zPnjQIiKbT

Malware Config

Targets

    • Target: SetupVERDI.exe
    • Size: 40KB
    • MD5: 954f8ad69ca8a75bed96742b693824cc
    • SHA1: 63786192f352afc61dffb55db4292aede75272a8
    • SHA256: 5563cf4be888cc64107170aa438641a788178899ccfd8dfa67d2f26dcbf50d93
    • SHA512: 0dc3354e4d8a85068999f16c85bb470b9b202d151308d581a06941c245b80349501782c5e9bf90fa4c0ba417de8eeb3cf36553a0fac16404a4592bf0a6859eed
    • SSDEEP: 768:KMExD64E1ShWDVjBSx6ScioQmC0tfB/VLvGplRH5+UyeX:KxxDrE1SiVcZoQfIfBtbGpl+Fw

    • Tinba / TinyBanker: Banking trojan which uses packet sniffing to steal data.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks