General

  • Target

    NEAS.c88b41f40268edb39b277ed5cb0fcb90_JC.exe

  • Size

    62KB

  • Sample

    231101-kkk5msga42

  • MD5

    c88b41f40268edb39b277ed5cb0fcb90

  • SHA1

    9673b62f43e86aab9089455454079aceea13e05a

  • SHA256

    5b240a73720678e7114918f138070381845429af3c96f94b43f0475bb4d803bd

  • SHA512

    6930e0d47845927f4ef71ad1f459d5f50f9f4c4dbd50aa3e7335725f06ffeb47e243ddc7aa878a95b7ab70ec25748a69776a0f0609f7ae4f6c1ebdae5bd19751

  • SSDEEP

    768:ui38jm/CGnYr1xWfrr9G2xMSRZWMKNZURoqNpc1X/9TIFL:qqCG2q9ugZ7KZnTTKL

Malware Config

Targets

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
