General

  • Target

    b680c244b8c257f50cc689c319b2772672fd0bf12799b6bbeea268046a00cc1b

  • Size

    59KB

  • Sample

    240503-c3websfb62

  • MD5

    7ac8ed2c168e62aac092613f77cf8c00

  • SHA1

    087bb9986e552f6e085ef74ccbd7a71c7377085d

  • SHA256

    b680c244b8c257f50cc689c319b2772672fd0bf12799b6bbeea268046a00cc1b

  • SHA512

    9e387b7a442680629403ddfd1a31030271ca397dc9db84f39ac8e6f08947466408513c1df56c820ecff24917bbf84ca9239639ac90b1c07e2608d123ccfc0436

  • SSDEEP

    1536:K9OUIQZhIzNswBbhtEvS3l31cbQ0GlvNCPu:KAUIjsIcE1N/

Malware Config

Targets

    • Target

      b680c244b8c257f50cc689c319b2772672fd0bf12799b6bbeea268046a00cc1b

    • Size

      59KB

    • MD5

      7ac8ed2c168e62aac092613f77cf8c00

    • SHA1

      087bb9986e552f6e085ef74ccbd7a71c7377085d

    • SHA256

      b680c244b8c257f50cc689c319b2772672fd0bf12799b6bbeea268046a00cc1b

    • SHA512

      9e387b7a442680629403ddfd1a31030271ca397dc9db84f39ac8e6f08947466408513c1df56c820ecff24917bbf84ca9239639ac90b1c07e2608d123ccfc0436

    • SSDEEP

      1536:K9OUIQZhIzNswBbhtEvS3l31cbQ0GlvNCPu:KAUIjsIcE1N/

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application
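The "UPX packed file" signature above is the sandbox's own; it does not say which checks fired. The following added example (not code from the sandbox, from the report, or from the sample) shows the three checks a triage script would typically combine: the stock UPX0/UPX1 section names, the "UPX!" marker, and the section layout that survives a renamed (modified) UPX build. The helper names build_pe, parse_sections, upx_indicators and is_upx_packed are this example's own, and the PE images it tests are assembled in-script as constructed input, not the 59KB sample on this page.

```python
import hashlib
import math
import struct
from typing import Dict, List, Tuple

# (name, VirtualSize, raw bytes) for each section of the PE we assemble below
Section = Tuple[str, int, bytes]


def build_pe(sections: List[Section], trailer: bytes = b"") -> bytes:
    """Assemble a minimal, header-consistent PE32 image. Constructed test input for this
    example, not the sample from the report; the optional header is zero-filled."""
    e_lfanew = 0x40
    opt_hdr = struct.pack("<H", 0x10B) + b"\0" * 222          # PE32 magic + 0xE0-byte header
    hdr_len = e_lfanew + 4 + 20 + len(opt_hdr) + 40 * len(sections)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt_hdr), 0x0102)
    table, body, raw_ptr, vaddr = b"", b"", hdr_len, 0x1000
    for name, vsize, raw in sections:
        # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...
        table += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, vaddr, len(raw),
                             raw_ptr if raw else 0, 0, 0, 0, 0, 0xE0000020)
        body += raw
        raw_ptr += len(raw)
        vaddr += max(vsize, 0x1000)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    return dos + b"PE\0\0" + coff + opt_hdr + table + body + trailer


def parse_sections(pe: bytes) -> List[Dict]:
    """Walk the section table of a PE file (MZ -> e_lfanew -> PE -> COFF -> sections)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    out = []
    for i in range(n_sections):
        name, vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        out.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                    "virtual_size": vsize, "raw_size": raw_size,
                    "raw": pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""})
    return out


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; compressed/encrypted data sits near 8.0, code and tables well below."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(pe: bytes) -> Dict[str, bool]:
    secs = parse_sections(pe)
    return {
        # stock UPX names its sections UPX0/UPX1 (plus UPX2 or .rsrc)
        "upx_section_names": any(s["name"].startswith("UPX") for s in secs),
        # stock UPX embeds a "UPX!" marker in its pack header; cheap to check, easy to strip
        "upx_magic": b"UPX!" in pe,
        # layout that survives renamed sections: first section has no raw data but a large
        # VirtualSize (the unpack destination), the next one carries a high-entropy packed blob
        "unpack_layout": (len(secs) >= 2 and secs[0]["raw_size"] == 0
                          and secs[0]["virtual_size"] > 0
                          and shannon_entropy(secs[1]["raw"]) > 7.0),
    }


def is_upx_packed(pe: bytes) -> bool:
    return any(upx_indicators(pe).values())


# Constructed inputs: a stock-UPX-shaped file, one with renamed sections, and an unpacked one.
HIGH_ENTROPY = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))   # 4 KiB
UPX_LIKE = build_pe([("UPX0", 0x8000, b""), ("UPX1", 0x1000, HIGH_ENTROPY),
                     (".rsrc", 0x200, b"\0" * 0x200)], trailer=b"UPX!" + b"\0" * 28)
RENAMED_UPX = build_pe([(".text", 0x8000, b""), (".data", 0x1000, HIGH_ENTROPY)])
PLAIN = build_pe([(".text", 0x400, b"\x55\x8b\xec" + b"\x90" * 0x3FD),
                  (".data", 0x200, b"\0" * 0x200)])

if __name__ == "__main__":
    for label, pe in (("stock UPX", UPX_LIKE), ("renamed UPX", RENAMED_UPX), ("plain", PLAIN)):
        print(f"{label:12s} packed={is_upx_packed(pe)} {upx_indicators(pe)}")
```

The name and magic checks are what most signatures key on and are exactly what a modified UPX build removes; the layout check (empty first section, high-entropy second section) is the one worth keeping when the other two are silent, and it is also the condition under which a "dump on OEP" is the practical route to the unpacked code.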

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1 signature
    Registry Run Keys / Startup Folder (T1547.001): 1 signature

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1 signature
    Registry Run Keys / Startup Folder (T1547.001): 1 signature

  • Defense Evasion

    Modify Registry (T1112): 1 signature
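The matrix above maps the "Adds Run key to start application" signature to T1547.001 (with T1112 for the registry write itself) but the report does not show the key path, value name or command that was written. The following added example (not from the report, the sandbox or the sample) shows how a detection would recover that from endpoint telemetry: it runs over constructed Sysmon-style Event ID 13 (RegistryEvent, Value Set) records in a flat "Field: value|..." layout chosen for this example, flags writes under the Run/RunOnce keys, and records whether the write is per-user (HKU/HKCU) or machine-wide (HKLM, which needs elevated rights and is why the matrix lists T1547 under Privilege Escalation as well). The log lines, the SID, the file names and the function names are all this example's own.

```python
import re
from typing import Dict, List

# Constructed Sysmon-style "RegistryEvent (Value Set)" (Event ID 13) records; the flat
# "Field: value|Field: value" layout is an assumption of this example, not a Sysmon export format.
SAMPLE_LOG_LINES = [
    r"EventID: 13|Image: C:\Users\user\AppData\Local\Temp\sample.exe"
    r"|TargetObject: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\winupd"
    r"|Details: C:\Users\user\AppData\Roaming\winupd\winupd.exe",
    r"EventID: 13|Image: C:\Windows\System32\svchost.exe"
    r"|TargetObject: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth"
    r"|Details: C:\Windows\System32\SecurityHealthSystray.exe",
    r"EventID: 13|Image: C:\Windows\System32\svchost.exe"
    r"|TargetObject: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain|Details: (Empty)",
    r"EventID: 12|Image: C:\Users\user\AppData\Local\Temp\sample.exe"
    r"|TargetObject: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run|Details: ",
]

# Autostart value under the per-user or machine Run keys (including the WOW64 mirror).
RUN_KEY = re.compile(
    r"^(?P<hive>HKLM|HKU|HKCU)(?P<user>\\S-[^\\]+)?\\Software\\(?:Wow6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\(?P<key>Run|RunOnce|RunOnceEx|RunServices)\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)
# Directories a user-writable dropper usually lives in; a Run entry pointing here is the usual red flag.
SUSPICIOUS_DIRS = re.compile(r"\\(AppData|Temp|ProgramData|Public|Downloads)\\", re.IGNORECASE)


def parse_line(line: str) -> Dict[str, str]:
    """Split one flat record into fields; values may themselves contain ':' (drive letters)."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition(": ")
        fields[key.strip()] = value.strip()
    return fields


def detect_run_key_persistence(lines: List[str]) -> List[Dict]:
    """Return one finding per Run-key value write, tagged with the ATT&CK IDs the report uses."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev.get("EventID") != "13":          # only value writes; ID 12 is key create/delete
            continue
        m = RUN_KEY.match(ev.get("TargetObject", ""))
        if not m:
            continue
        hive = m.group("hive").upper()
        command, writer = ev.get("Details", ""), ev.get("Image", "")
        hits.append({
            "techniques": ["T1547.001", "T1112"],
            # HKLM autostart needs admin rights: persistence that also shows the process was elevated
            "scope": "machine" if hive == "HKLM" else "user",
            "key": m.group("key"),
            "value_name": m.group("value"),
            "command": command,
            "writer": writer,
            "suspicious": bool(SUSPICIOUS_DIRS.search(command) or SUSPICIOUS_DIRS.search(writer)),
        })
    return hits


if __name__ == "__main__":
    for hit in detect_run_key_persistence(SAMPLE_LOG_LINES):
        print(hit)
```

The "suspicious" flag is a triage aid, not a verdict: legitimate software also registers Run values, which is why the second record (a system binary writing a system path) is reported but not flagged, while a Temp-resident writer pointing the value at AppData is the pattern the report's signature describes.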

Tasks