General

  • Target

    0055f0f770e0753d944e2dd2eb6bfc7b_JaffaCakes118

  • Size

    136KB

  • Sample

    240426-jzn96scc8y

  • MD5

    0055f0f770e0753d944e2dd2eb6bfc7b

  • SHA1

    529f909023b60a6eefa0cfb21157e455c7731cf3

  • SHA256

    10d273b2438f2fbb045b9ed9fdad82c5c58b6a60045c017c8dd3a0b195455016

  • SHA512

    5ecb06869887e1ca8e2e25b6c14c8b5fdad4fd2e43a6ad5ef44de520d1213c6f9d00589fbeb3963ff715d8c83c0c4f6b2fd77c1ef1b465204493aeb36d77f372

  • SSDEEP

    3072:aJmGKw0BiaynVRDwFwaSNDe1Fclgr+0StmnJza3yD/C8:11w0Bfjwve1FbRWmYiZ

Malware Config

Targets

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    T1547 Boot or Logon Autostart Execution (1)
    T1547.001 Registry Run Keys / Startup Folder (1)

  • Privilege Escalation

    T1547 Boot or Logon Autostart Execution (1)
    T1547.001 Registry Run Keys / Startup Folder (1)

  • Defense Evasion

    T1112 Modify Registry (1)

Tasks