General

  • Target

    995ab098bb05c48a189821b6476c56b0_NEAS

  • Size

    45KB

  • Sample

    240507-qg1c2sbg52

  • MD5

    995ab098bb05c48a189821b6476c56b0

  • SHA1

    82410e0ceb87e5fbb727f1ae146d9cdbd75672f4

  • SHA256

    a20c92a35a110db5e50e0132e415349ec5a36e7448d54da494b67d7757f1c092

  • SHA512

    8b155b7d8494fd5ff4f6dea9f475221888a3273c8c0660549a6660e441dbecaa5df56596bfeada8142d91710c5e49828dac52d712b3aa0e2b967ed22b859869b

  • SSDEEP

    768:uhP0kDE9N5dCA8J7VHXdrIniQaBTT+QQ+r1n4K8+C9TtIuCjaqUODvJVQ2f:isWE9N5dFu53dsniQaB/xZ14n7zIF+qr

Malware Config

Targets

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • T1547 Boot or Logon Autostart Execution (1)

  • T1547.001 Registry Run Keys / Startup Folder (1)

Privilege Escalation

  • T1547 Boot or Logon Autostart Execution (1)

  • T1547.001 Registry Run Keys / Startup Folder (1)

Defense Evasion

  • T1112 Modify Registry (1)

Tasks