General

  • Target

    NEAS.c69789bb77ee95b5dc90fab64af3a510.exe

  • Size

    62KB

  • Sample

    231107-bhp65sah62

  • MD5

    c69789bb77ee95b5dc90fab64af3a510

  • SHA1

    1f1db22ab33446882b29d0da0762423b344a1c9f

  • SHA256

    bbac58d1fb2fefd620be766b8923a01f1781279884298df7f660beace2783ea0

  • SHA512

    10169e8aa1a8bce85da2f105efa71c529f5e7edaa82d919169c74aebf4d066480bbdc2d4ce226265ba11c4d110835e76654dab311c971e717fe5df0e59db5b17

  • SSDEEP

    768:ai38jm/CGnYr1xWfrr9G2xMSRZWMKNZURoqNpc1X/9TIFL:mqCG2q9ugZ7KZnTTKL

Malware Config

Targets

    • Target

      NEAS.c69789bb77ee95b5dc90fab64af3a510.exe

    • Size

      62KB

    • MD5

      c69789bb77ee95b5dc90fab64af3a510

    • SHA1

      1f1db22ab33446882b29d0da0762423b344a1c9f

    • SHA256

      bbac58d1fb2fefd620be766b8923a01f1781279884298df7f660beace2783ea0

    • SHA512

      10169e8aa1a8bce85da2f105efa71c529f5e7edaa82d919169c74aebf4d066480bbdc2d4ce226265ba11c4d110835e76654dab311c971e717fe5df0e59db5b17

    • SSDEEP

      768:ai38jm/CGnYr1xWfrr9G2xMSRZWMKNZURoqNpc1X/9TIFL:mqCG2q9ugZ7KZnTTKL

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks