General

  • Target

    NEAS.2aca00e28687922f996115616909f7c0_JC.exe

  • Size

    112KB

  • Sample

    231104-l4t3bshf27

  • MD5

    2aca00e28687922f996115616909f7c0

  • SHA1

    14b2c6abc0e0e28b1957d0a6931d1b6c4f4b20c2

  • SHA256

    f4b757e8005b5f35200e22084a07e7c2f73a7987fa8c785a5568d1a26fa24ab5

  • SHA512

    27215691395b4d4c40d357e6bd41df057575b5a3102f1025f4ae9cc8b3403645e572e7933b35d0204f56910c3624674118db75b39b2ac37310c08a110ac82c03

  • SSDEEP

    3072:pafe8iokAMMKzU2YAPNAQxxlNk3Um/u1hp13JeoSG:pafviokAMMohe3UmG1hpeoSG

Targets

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
