General

  • Target

    NEAS.a062d4e9b5eddaf454856b1edfb5c1b0_JC.exe

  • Size

    62KB

  • Sample

    231104-ml5a1sab26

  • MD5

    a062d4e9b5eddaf454856b1edfb5c1b0

  • SHA1

    fb8263838bf402bf9b4d47db52e9bbd27fc3aa19

  • SHA256

    b1f6f0947a0f12034a0262477a210edf409b4d332c6d52cda8b31b524b6f2520

  • SHA512

    3b8f543bb804693651bb234e74602d896f61cf3cf69eff6ae2196115f4d296f33d92f908561e3bc64bef94a4ab0e8be11fc7d1c27fc57a9b80ead1da5e43b693

  • SSDEEP

    768:ai38jm/CGnYr1xWfrr9G2xMSRZWMKNZURoqNpc1X/9TIFL:mqCG2q9ugZ7KZnTTKL

Malware Config

Targets

    • Target

      NEAS.a062d4e9b5eddaf454856b1edfb5c1b0_JC.exe

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks