General

  • Target

    03b634b318570a30ae52c8a4f22122e6_JaffaCakes118

  • Size

    98KB

  • Sample

    240427-1s14tshd52

  • MD5

    03b634b318570a30ae52c8a4f22122e6

  • SHA1

    dc735ab5c9e59060bfad3a952302d3dc726b5ce3

  • SHA256

    4c75af787437a52f57d93cc8585e88eef2f323c970a60a7b5ae8ff2a1950bef7

  • SHA512

    5d016d9600d4bf31a67fd77cddcaabee2b28a908c7fdda781805de798d07e925ac28bc89202452c197d65d4cecdea9f29ac2640f6b491eaed8a832af597668fa

  • SSDEEP

    1536:dnWO4O9IR5Zw1WvO1+QrK4F8X2+jJWJtmrK4Vyic+pcDyt3nckaNMTH:dnL4O96w0G1+ah8X2+922Zgic8tt1mG

Malware Config

Targets


    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    • Boot or Logon Autostart Execution (T1547): 1

      • Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    • Boot or Logon Autostart Execution (T1547): 1

      • Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    • Modify Registry (T1112): 1

Tasks