General

  • Target

    654cb030a6268864387c32f18160ca00_NEIKI

  • Size

    49KB

  • Sample

    240508-mkrcrsga8s

  • MD5

    654cb030a6268864387c32f18160ca00

  • SHA1

    7836255d5551432ff3ca1410a3b5ded9c9feedf4

  • SHA256

    b813e2568cb1a7459378f58188baee07e441ce3f966b1898da92ab95025bad26

  • SHA512

    3119a3ab8fd9e9614e3e426679881b150392575f6afee8f39f0881b3eee0251839b868796ed618699c8d1452a5a8dd415c751e7c272fdf086a415f7884e9349b

  • SSDEEP

    1536:bOBLXNqgzf2v6b6NkXklZlogHGe9eBXW:bYLduv6OqXIlogmjW

Malware Config

Targets

    • Target

      654cb030a6268864387c32f18160ca00_NEIKI

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution: T1547 (1)

  • Registry Run Keys / Startup Folder: T1547.001 (1)

Privilege Escalation

  • Boot or Logon Autostart Execution: T1547 (1)

  • Registry Run Keys / Startup Folder: T1547.001 (1)

Defense Evasion

  • Modify Registry: T1112 (1)

Tasks