General

  • Target

    e596c1f89053d37393a14b3b26fc04893250e640d81c6e5e0ef4a7a750e83721

  • Size

    32KB

  • Sample

    240406-ehtfcaab2x

  • MD5

    055bffbc9bb7e88c451da4918e4d81bc

  • SHA1

    f44ad612b074acd83e1c5dc3ffa6be9ce3a121ec

  • SHA256

    e596c1f89053d37393a14b3b26fc04893250e640d81c6e5e0ef4a7a750e83721

  • SHA512

    6fd7480fdb3bdf37e5624fa8106c9f18df05ff151ac2c8532efbb246f7f8f264d19f3cb9a917129355a3ec05581d57890a86f06cca204583d003c6eeed27d426

  • SSDEEP

    768:UTW9z3eGRhPra78oon2fczSjFqdSpUpfF1eOB8NPCjgoiHsz:Ui9z3eADf2BxpUpfLc8esz
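To confirm that a file on disk is the sample this report describes, and to check the UPX packing flagged under Targets below, the following Python script is an added example (not the report's or the sandbox's own tooling). It recomputes the four digests listed above against the reported values and walks the PE section table for the UPX0/UPX1 section names and the "UPX!" marker. The hash values are copied from the report; `make_fake_upx_pe()` builds a constructed, minimal PE32 image so the script runs offline, and the command-line path argument is an assumption.

```python
"""Static triage helper: verify the reported hash set and check for UPX packing.

Added example, not the report's or the sandbox's own code. The hash values are
copied from the report; the synthetic PE built by make_fake_upx_pe() is
constructed test input and the command-line path is an assumption.
"""
import hashlib
import struct
import sys

# Hash values copied verbatim from the report above.
REPORTED = {
    "md5": "055bffbc9bb7e88c451da4918e4d81bc",
    "sha1": "f44ad612b074acd83e1c5dc3ffa6be9ce3a121ec",
    "sha256": "e596c1f89053d37393a14b3b26fc04893250e640d81c6e5e0ef4a7a750e83721",
    "sha512": "6fd7480fdb3bdf37e5624fa8106c9f18df05ff151ac2c8532efbb246f7f8f264d"
              "19f3cb9a917129355a3ec05581d57890a86f06cca204583d003c6eeed27d426",
}


def hash_set(data: bytes) -> dict:
    """Compute the same four digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def matches_report(data: bytes) -> dict:
    """Per-algorithm comparison; a single mismatch means this is not the sample."""
    got = hash_set(data)
    return {name: got[name] == REPORTED[name] for name in REPORTED}


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Two cheap tells for stock UPX: UPX0/UPX1 section names and the 'UPX!'
    marker in the packed image. A modified UPX often renames the sections,
    so the marker is checked independently of the section names."""
    try:
        names = pe_section_names(data)
    except ValueError:
        names = []
    return {
        "sections": names,
        "upx_sections": any(n.upper().startswith("UPX") for n in names),
        "upx_marker": b"UPX!" in data,
    }


def make_fake_upx_pe() -> bytes:
    """Constructed minimal PE32 image with UPX0/UPX1/.rsrc sections (offline input)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                                      # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32
                        for n in (b"UPX0", b"UPX1", b".rsrc"))
    return dos + b"PE\0\0" + coff + opt + sections + b"\0" * 16 + b"UPX!" + b"\0" * 16


if __name__ == "__main__":
    # Assumed usage: python triage.py <path-to-sample>; falls back to the fake PE.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_fake_upx_pe()
    print("hash match:", matches_report(data))
    print("upx:", upx_indicators(data))
```

Any single mismatch in `matches_report` means the file is not this sample (a repacked or patched copy changes every digest); the SSDEEP value is the one to compare in that case, which needs the ssdeep library and is left out here.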

Malware Config

Targets

    • Target

      e596c1f89053d37393a14b3b26fc04893250e640d81c6e5e0ef4a7a750e83721

    • Size

      32KB

    • MD5

      055bffbc9bb7e88c451da4918e4d81bc

    • SHA1

      f44ad612b074acd83e1c5dc3ffa6be9ce3a121ec

    • SHA256

      e596c1f89053d37393a14b3b26fc04893250e640d81c6e5e0ef4a7a750e83721

    • SHA512

      6fd7480fdb3bdf37e5624fa8106c9f18df05ff151ac2c8532efbb246f7f8f264d19f3cb9a917129355a3ec05581d57890a86f06cca204583d003c6eeed27d426

    • SSDEEP

      768:UTW9z3eGRhPra78oon2fczSjFqdSpUpfF1eOB8NPCjgoiHsz:Ui9z3eADf2BxpUpfLc8esz

    • Tinba / TinyBanker

      Banking trojan. The signature text describes it as stealing data by sniffing traffic; in practice Tinba does this from inside the browser, hooking its networking functions for form grabbing and web injects rather than capturing packets on the wire.

    • UPX dump on OEP (original entry point)

      The sandbox dumped the process image once execution reached the unpacked code's original entry point; that dump, not the 32KB packed file, is what to disassemble.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build (UPX0/UPX1 section names, the "UPX!" marker). A modified build may not unpack cleanly with stock upx -d, in which case the OEP dump above is the fallback.

    • Adds Run key to start application

      Persistence: a value written under HKLM\Software\Microsoft\Windows\CurrentVersion\Run (or the HKCU equivalent) so the payload starts at logon (ATT&CK T1547.001).

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state; process hollowing and thread hijacking use it to point a suspended thread's instruction pointer at injected code.
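As an added example (not from the report), the following Python detection covers the "Adds Run key to start application" behaviour above: it runs over constructed Sysmon Event ID 13 (RegistryEvent, value set) records and flags writes under the Run/RunOnce keys, rating them higher when the registered binary or the writing process lives in a user-writable directory, which is how a trojan dropped to %AppData% or %TEMP% looks. Field names follow Sysmon's schema; the event contents (paths, SIDs, value names) are made up.

```python
"""Flag Run-key persistence in Sysmon registry events.

Added example, not part of the report. EVENTS is constructed sample input using
Sysmon's field names; the paths, SIDs and value names are made up.
"""
import re

EVENTS = [
    # Dropper in %TEMP% registers a copy of itself in the user's Run key.
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\bin.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\bin",
     "Details": r"C:\Users\alice\AppData\Roaming\bin\bin.exe"},
    # Benign: system binary registering a system-path autostart.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    # 32-bit installer on 64-bit Windows: Run keys live under Wow6432Node too.
    {"EventID": 13, "Image": r"C:\Program Files\App\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\AppCleanup",
     "Details": r"C:\Users\bob\AppData\Local\Temp\cleanup.exe"},
    # Registry write that is not an autostart key.
    {"EventID": 13, "Image": r"C:\Program Files\App\app.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App\DisplayName",
     "Details": "App"},
    # Event ID 12 is key create/delete, not a value write; ignored.
    {"EventID": 12, "Image": r"C:\Users\alice\AppData\Local\Temp\bin.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\bin",
     "Details": ""},
]

# Matches a value directly under Run or RunOnce for HKLM, HKCU/HKU and Wow6432Node.
RUN_KEY = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(?P<key>Run|RunOnce)\\(?P<value>[^\\]+)$", re.IGNORECASE)

# Directories an unprivileged user can write to; a malware drop site is usually one of these.
USER_WRITABLE = re.compile(
    r"\\(?:AppData|Temp|ProgramData|Users\\Public|Users\\[^\\]+\\Downloads)\\",
    re.IGNORECASE)


def classify(event: dict):
    """Return a finding for a Run/RunOnce value write, or None."""
    if event.get("EventID") != 13:          # only value-set events carry the command in Details
        return None
    m = RUN_KEY.search(event.get("TargetObject", ""))
    if not m:
        return None
    details, image = event.get("Details", ""), event.get("Image", "")
    suspicious = bool(USER_WRITABLE.search(details) or USER_WRITABLE.search(image))
    return {
        "key": m.group("key"),
        "value": m.group("value"),
        "command": details,
        "writer": image,
        "severity": "high" if suspicious else "low",
    }


def scan(events):
    """Run classify() over a batch of events and keep the findings."""
    return [c for c in map(classify, events) if c is not None]


if __name__ == "__main__":
    for finding in scan(EVENTS):
        print(finding)
```

The user-writable path heuristic is what separates the first and third events from the svchost.exe one; a Run value pointing into System32 still deserves a look if the writing process is unexpected, which is why `writer` is kept in the finding.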

MITRE ATT&CK Enterprise v15

Tasks