General
-
Target
2025-03-31_af3f4f38d42f7d2bbd91d3342b2c6492_amadey_rhadamanthys_smoke-loader
-
Size
225KB
-
Sample
250331-btrt4szzds
-
MD5
af3f4f38d42f7d2bbd91d3342b2c6492
-
SHA1
919fe9b281ebfec6598f2f72b55f527992589c92
-
SHA256
c1dbf75bd0dcf6a8fde9029f081fb1bc2af0519dccc49b8231d38d50134523e9
-
SHA512
87b0a0fd01c3e96ea517c84d42a2811cfae5953bf6895ec94ad8a1d9ec16e2a15e6bb5179443995875533a4c65a3e7aaef2d19d6d3a45fd6812db55815f47509
-
SSDEEP
6144:kA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:kATuTAnKGwUAW3ycQqgf
Malware Config
Targets
-
-
Target
2025-03-31_af3f4f38d42f7d2bbd91d3342b2c6492_amadey_rhadamanthys_smoke-loader
-
Size
225KB
-
MD5
af3f4f38d42f7d2bbd91d3342b2c6492
-
SHA1
919fe9b281ebfec6598f2f72b55f527992589c92
-
SHA256
c1dbf75bd0dcf6a8fde9029f081fb1bc2af0519dccc49b8231d38d50134523e9
-
SHA512
87b0a0fd01c3e96ea517c84d42a2811cfae5953bf6895ec94ad8a1d9ec16e2a15e6bb5179443995875533a4c65a3e7aaef2d19d6d3a45fd6812db55815f47509
-
SSDEEP
6144:kA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:kATuTAnKGwUAW3ycQqgf
Score10/10-
Tinba / TinyBanker
Banking trojan which uses packet sniffing to steal data.
-
Tinba family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1