General

  • Target: be54e9090f762235512167e73ce8b7add1b39e402525a27ba38caf03cce05dab
  • Size: 41KB
  • Sample: 221126-ntdnpsbf26
  • MD5: 9a51436a8d26cd77415daa5e5d5d582b
  • SHA1: b8048aecc13c7165540cd27b0a8ac1fcb09066b6
  • SHA256: be54e9090f762235512167e73ce8b7add1b39e402525a27ba38caf03cce05dab
  • SHA512: df72791d24cbdb9ba52bc6218c2ed51ac23df7dd6880e291518343ab81f1dac9de88fa5d3ec9b349bb18985766eac7edd15d70ea47bbe92a9b66cc2714578fd4
  • SSDEEP: 768:v5IWuq1rI1MSIOSDLqwUy6GEVVr2Op0dIHPSaDBBi7MMWBkxUq5mJ3oLPQeb9:RwfItD2wUy6iOpZHqa3i7Mtklm+

Malware Config

Targets

    • Target: VerdiSetup.exe
    • Size: 45KB
    • MD5: 205be4bfe8e7fa9812388b2cd80e535e
    • SHA1: e43d8b2751017c0fe815fa3bdcd90fb620389798
    • SHA256: 7679db542a305b539835a449c0c45bb189a049319e31ff07d28597ebb0157ebb
    • SHA512: a878ca368c8bb12b9a6e75ee00308d6d531b2020612f01c04fcf086b49457424ff63d1574a5031219d56cec969af0a34909f2fb8c809356156d9c4a64072a324
    • SSDEEP: 768:oTYrljgxDrri6qewO2VuLnDm6thGYkH4JuxUul/w7S1Z0:ocjgdri7egVYDXT9i4o7/OS1u

    • Tinba / TinyBanker

      Banking trojan that uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks