General

  • Target

    a2cb876990289e1cefe335f68c3c048dbec4100742d94b008de05d5b5d7bdef2

  • Size

    58KB

  • Sample

    240506-3zhbeacb42

  • MD5

    e221d6fb12bd32fe94293fa1f2263e99

  • SHA1

    8bf31b5205f82139b5317229731b23e85008c346

  • SHA256

    a2cb876990289e1cefe335f68c3c048dbec4100742d94b008de05d5b5d7bdef2

  • SHA512

    3b9eda4e127e16c7c86f81e1a9906ea2f444917cf67289472eea761e8c6bd26a38c8cf0e042a79f3d4e318291f39ae8db3571ed314a350f6dc98c5ba14219533

  • SSDEEP

    768:vNMbiFKoELVxrcCsUmWkpbrD7GpxkTIzQMBIm6aNGyUwq9JaTovtebSo:vWBoEcCsUVEbr+BZG1CutY

Malware Config

Targets

    • Target

      a2cb876990289e1cefe335f68c3c048dbec4100742d94b008de05d5b5d7bdef2

    • Size

      58KB

    • MD5

      e221d6fb12bd32fe94293fa1f2263e99

    • SHA1

      8bf31b5205f82139b5317229731b23e85008c346

    • SHA256

      a2cb876990289e1cefe335f68c3c048dbec4100742d94b008de05d5b5d7bdef2

    • SHA512

      3b9eda4e127e16c7c86f81e1a9906ea2f444917cf67289472eea761e8c6bd26a38c8cf0e042a79f3d4e318291f39ae8db3571ed314a350f6dc98c5ba14219533

    • SSDEEP

      768:vNMbiFKoELVxrcCsUmWkpbrD7GpxkTIzQMBIm6aNGyUwq9JaTovtebSo:vWBoEcCsUVEbr+BZG1CutY

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Tasks