General

  • Target

    088b0c876ca93ae3baff62ba6ea2cb6c_JaffaCakes118

  • Size

    98KB

  • Sample

    240429-3zvazaeb95

  • MD5

    088b0c876ca93ae3baff62ba6ea2cb6c

  • SHA1

    97d2f7ebf34c731625de4f4b948d19976da2feec

  • SHA256

    dd80f33e977d295add0daed8a8e34002fd26cc3278965a798abe308ebe78dd71

  • SHA512

    7a002b668ba722053eb3dbcc58a30015f32470c06be4ac7a752ebc753ead195444fbd35339e685e0a9fd2bfd5d0a71c3a73bdcc25481eb2fa3a860bb693e1bbb

  • SSDEEP

    3072:2ML4O96w0G1+aL/BtaQP+kQEu+qGadSa/Ad:T8O96wt+e/Bta8dI5a

Malware Config

Targets

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

    • Boot or Logon Autostart Execution: T1547 (1)

    • Registry Run Keys / Startup Folder: T1547.001 (1)

Privilege Escalation

    • Boot or Logon Autostart Execution: T1547 (1)

    • Registry Run Keys / Startup Folder: T1547.001 (1)

Defense Evasion

    • Modify Registry: T1112 (1)

Tasks