General

  • Target

    f3beb725aa3773608ec2799a986132a0_JaffaCakes118

  • Size

    65KB

  • Sample

    241215-ndgqessmat

  • MD5

    f3beb725aa3773608ec2799a986132a0

  • SHA1

    369e20fd4ac69798a4a5e3f28550c9e86fb80892

  • SHA256

    383ac30c368c1dc467cb1931640e947e4fd81114f5741d44a50b4b7e0237407f

  • SHA512

    8dac2efdc5990a4a9077d64ec22799ac95f88fa4015b098a7652d181ac35bea7ea31883b1912135a831ca5fcd42a0eed7deb6a1bd07053e1756f59a68cebbbb9

  • SSDEEP

    1536:T8KNIyHN/QrOdHP1HDY+bBAG88zff0B/xDy9wq/dU1SK975B4cEg:vt/3dHFxlacn0BJowGUIKDSy

Malware Config

Targets

    • Target

      12,27,58 27-07-2015 voice.wav.exe

    • Size

      100KB

    • MD5

      8af1ac4476bd48388fd690c6bdf82eb8

    • SHA1

      9541efff429a869992c046a81d4a04842835e1ce

    • SHA256

      d445d97c79e6578a194e85619ab0183d930ac4041b73210582f04b4a6d6300ad

    • SHA512

      dd735d40f46236d0d5805347f107c3f276b60154735537faf9f82f20a9f2d2d6d28db08e0894ed3a810c484d9d18fedaa55da050de5af9c577deb63d3d020e1e

    • SSDEEP

      1536:YryIOzqdHP1HDYObBAG88zff0B/xDy9Qq/dU1+K975AnpUH/rT6Ic:QzdHF3lacn0BJoQGUQKDgp0/36z

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

    • Tinba family

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks