General

  • Target

    a6891166e6dd72da13f2d1a3ae50fd240947ae55fe8a1a764de392ca0ef9fe59

  • Size

    76KB

  • Sample

    240406-bjqt3agc4t

  • MD5

    c1538ce08c3f562ba75480d2ee0ca6f0

  • SHA1

    9004c4fe0897bb0a6b9e40a0c24def9d73e9de53

  • SHA256

    a6891166e6dd72da13f2d1a3ae50fd240947ae55fe8a1a764de392ca0ef9fe59

  • SHA512

    7748a6ce137e6ab1a34182bb1dbfaf190582b683ab3edcbb708cd98c54399438c9bceb86fb67aadf1de38d81c73c8411e448a4cd20fb755a10bd2d0923319137

  • SSDEEP

    1536:zKF3T5pEwG/lfKc9BJ9tz4tP2tK24sRx+odp:ehV5GNCc9xYPpodp

Malware Config

Targets

    • Target

      a6891166e6dd72da13f2d1a3ae50fd240947ae55fe8a1a764de392ca0ef9fe59

    • Size

      76KB

    • MD5

      c1538ce08c3f562ba75480d2ee0ca6f0

    • SHA1

      9004c4fe0897bb0a6b9e40a0c24def9d73e9de53

    • SHA256

      a6891166e6dd72da13f2d1a3ae50fd240947ae55fe8a1a764de392ca0ef9fe59

    • SHA512

      7748a6ce137e6ab1a34182bb1dbfaf190582b683ab3edcbb708cd98c54399438c9bceb86fb67aadf1de38d81c73c8411e448a4cd20fb755a10bd2d0923319137

    • SSDEEP

      1536:zKF3T5pEwG/lfKc9BJ9tz4tP2tK24sRx+odp:ehV5GNCc9xYPpodp

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks