General

  • Target

    ff7549322ae26e289155af29d32c8e13_JaffaCakes118

  • Size

    160KB

  • Sample

    240421-rhv1dsda45

  • MD5

    ff7549322ae26e289155af29d32c8e13

  • SHA1

    1827bad4659ef9873ed11ad492f9e12e4608d8d9

  • SHA256

    eff3a2bd8699ed283d632ec420b4c8b717634c3c368d2cc7b34282e893babdae

  • SHA512

    cffb4b55f59f1b52130b08f1648b1798d0dbf1608f2a6d9054793d14288053f0c8ac06bc0818d2f664b15de89446a5da75e3cc30e55cd208661d55280e96705a

  • SSDEEP

    1536:gEY+mFM2HXKZgi0Iksu+XM5/HtAQ9J6xph:TY+4MiIkLZJNAQ9J6v

Targets

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    T1547 Boot or Logon Autostart Execution (1)
    T1547.001 Registry Run Keys / Startup Folder (1)

  • Privilege Escalation

    T1547 Boot or Logon Autostart Execution (1)
    T1547.001 Registry Run Keys / Startup Folder (1)

  • Defense Evasion

    T1112 Modify Registry (1)
