General

  • Target

    60e7e440bdae81774ef33134e3470a70_NEAS

  • Size

    160KB

  • Sample

    240507-nwq2taed51

  • MD5

    60e7e440bdae81774ef33134e3470a70

  • SHA1

    129de538533b480c26a9f43dceb4aa96ee8469a3

  • SHA256

    622c6371223dfc65b07726614b8f83ebd65f3926b94aacdacf4c70a416d14124

  • SHA512

    4ac2a75c0778c403ccb9c22c9fbf8d732eac56278d6df09643c973739eadf637252977415b684c006b7df991475cbe9d5f49bb525fb73ca4a0964757b6765ef6

  • SSDEEP

    1536:EEY+mFM2HXKZgi0Iksu+XM5/HtAQ9J6xph:3Y+4MiIkLZJNAQ9J6v


Targets

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution: 1, T1547

  • Registry Run Keys / Startup Folder: 1, T1547.001

Privilege Escalation

  • Boot or Logon Autostart Execution: 1, T1547

  • Registry Run Keys / Startup Folder: 1, T1547.001

Defense Evasion

  • Modify Registry: 1, T1112
