General

  • Target

    6aedc188080cb439b9608a372c6199f0_JaffaCakes118

  • Size

    160KB

  • Sample

    240724-kennkswhpn

  • MD5

    6aedc188080cb439b9608a372c6199f0

  • SHA1

    c637ab3daaf11746a6782996f3808393221a4958

  • SHA256

    62107d427e56b874c30ad6fc1427083d2e73156c8a1e1db7c22181ee542c235d

  • SHA512

    73ff6a258050d2b461335ac1fe1d1bd01bc9e775764a978512e9934c27206205a8b4924118a9143814608df183c5808968a09408d936d5a71e15af5dfffa94b3

  • SSDEEP

    1536:AEY+mFM2HXKZgi0Iksu+XM5/HtAQ9J6xph:zY+4MiIkLZJNAQ9J6v

Malware Config

Targets

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

    Tactic                Technique                            Count  ID
    Persistence           Boot or Logon Autostart Execution    1      T1547
    Persistence           Registry Run Keys / Startup Folder   1      T1547.001
    Privilege Escalation  Boot or Logon Autostart Execution    1      T1547
    Privilege Escalation  Registry Run Keys / Startup Folder   1      T1547.001
    Defense Evasion       Modify Registry                      1      T1112
    Discovery             System Location Discovery            1      T1614
    Discovery             System Language Discovery            1      T1614.001

Tasks