General

  • Target

    358ed18e9caf49b6d90fcc137e76047a5d634e4f4ea320bf8eca030f8f18d934

  • Size

    108KB

  • Sample

    221128-pfh7psgf2v

  • MD5

    8989d037f185dfd2a55047c8f5fdb4a4

  • SHA1

    58c9d424d7c6adb92c57267c4a6488256c93c382

  • SHA256

    358ed18e9caf49b6d90fcc137e76047a5d634e4f4ea320bf8eca030f8f18d934

  • SHA512

    cdbccaf932ebf025f1a4f4535693fd766ed5127f0de5d094f536465603a00be0ceeacb52b909fc950af20b66c5da3e671ec03c596756220d949433e81a450152

  • SSDEEP

    1536:Pqwc7oithoCoUXPYcregabDCPxk3Y4U49v/5xL7DCXnXdSE9V:bc7NhDXPYcrepL3Y43JBxLvCX39V

Targets

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
