General

  • Target

    234AE592D98A1E12B9A109890D0AF5BE.exe

  • Size

    62KB

  • Sample

    221130-swyh4scc35

  • MD5

    234ae592d98a1e12b9a109890d0af5be

  • SHA1

    027e16cbf3e7176e75ef4ee4785528cf8d2632b2

  • SHA256

    9e90db01ca80d818532e8945641e807c541ede136613374bc39da9d1102c1be9

  • SHA512

    edf1134f1b1859b5dc075ba5fd88a70aea02fdad24bab4072164bb7c3ac35827cf1be166fca647e9df7ae3f72c9a68da3511b97f8823923ba85f1c3b43918793

  • SSDEEP

    768:wBpZR8fRR1EOrsKrbcYXn9UdDp7Esezzvmw1dJxWxU5:wBPSJRBrsKrbc4WdDp76zLB0u

Targets

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
