ioc[.]one - OSINT Cyber Threat Intelligence Database

Cinobi Banking Trojan Targets Users of Cryptocurrency Exchanges with New Malvertising Campaign

Tags

country:	Japan
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Credentials - T1589.001 Exploits - T1587.004 Exploits - T1588.005 Ip Addresses - T1590.005 Malvertising - T1583.008 Malware - T1587.001 Malware - T1588.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 Rundll32 - T1085

Show in Graph

Common Information

Type	Value
UUID	9d48c04d-254d-449f-98b3-6286ade44ddc
Fingerprint	972f3a832ebe9b5f
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 9, 2021, midnight
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	Cinobi Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising
Title	Cinobi Banking Trojan Targets Users of Cryptocurrency Exchanges with New Malvertising Campaign
Detected Hints/Tags/Attributes	51/3/67

Source URLs

	Redirection	Url
Details	Source	https://www.trendmicro.com/en_us/research/21/h/cinobi-banking-trojan-targets-users-of-cryptocurrency-exchanges-.html
Details	Source	https://www.trendmicro.com/en_us/research/21/h/cinobi-banking-trojan-targets-users-of-cryptocurrency-exchanges-.html?&web_view=true

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com

Attributes

Details	Type	#Events	Value
Details	CVE	22	cve-2020-1380
Details	CVE	48	cve-2021-26411
Details	Domain	2	index.clientdownload.windows
Details	Domain	2	trojan.win32.shelload.az
Details	Domain	2	magicalgirl.zip
Details	Domain	2	kiplayer.zip
Details	Domain	2	trojan.win32.shelload.ba
Details	Domain	2	trojan.win32.cinobi.ac
Details	Domain	2	www.chirigame.com
Details	Domain	2	www.supapureigemu.com
Details	Domain	2	www.getkiplayer.com
Details	Domain	2	www.magicalgirlonlive.com
Details	Domain	2	a7q5adiilsjkujxk.onion
Details	Domain	2	5lmt6t4kaymuwvm5.onion
Details	File	2	logicapture.exe
Details	File	2	xjs.dll
Details	File	2	format.cfg
Details	File	3	config.dll
Details	File	2	cfg.config
Details	File	18	a.dll
Details	File	88	1.txt
Details	File	1018	rundll32.exe
Details	File	2	%temp%\a.dll
Details	File	2	%temp%\1.txt
Details	File	2	oneroom_setup.zip
Details	File	2	oneroom_game.zip
Details	File	2	magicalgirl.zip
Details	File	2	kiplayer.zip
Details	File	2	oneroom_game_v7.zip
Details	sha256	2	08fb68eb741bf68f3cfc29a4ad3033d75ad57798ed826d926344015bdb8b0ebb
Details	sha256	2	124fe26d53e2702b42ae07f8aec5ee4e79e7424bce6ecda608536bbf0a7a2377
Details	sha256	2	e667f9c109e20900cc8badd09ede6cdce0bdc77164cfd035ace95498e90d45e7
Details	sha256	2	93ffe7cf56feb3fb541aef91d3fc04a5cf22df428dc0b7e5feb8edddc2c72699
Details	sha256	2	ad13bb18465d259acc6e4ceba24beff42d50843c8fd92633c569e493a075fddc
Details	sha256	2	a9ef18b012bd20945bb3533deec69d82437bf0117f83b2e9f9e7facc5aa81255
Details	sha256	2	6c1f4ffa63ee7094573b0f6d1bd51255f603bc8958757405c8c998416537d587
Details	sha256	2	1366e2ac6365e4b76595a19760438d876e01db40c60ec3f42849f0218b724f1b
Details	sha256	2	0b3e5e2406490df17a198a8340b103bb331a5277461234f3f90ed257e418c1f8
Details	sha256	2	3e0faee93f6ef572537735c7f2d82d151c5a21eb30eacc576b3b66320c74fd34
Details	sha256	2	db6cbe4ee82f87008b34d1d4e9aa6ee3c9ccd21cb7a0b60925d5da8d1295a269
Details	sha256	2	3b7fb5ec8180ad74871eb9f5b59e6e98a188ce84ba3bd6add9b4bcfccb80c137
Details	sha256	2	52e2b9cba4e1bee1eb3ed9d03bc33eadb6c8d6aac8598679aa95690e587be7c4
Details	sha256	2	f5ad9e32a84df617aba3786f19ba7dab4b4bd8a27627232d3aace760511aedf7
Details	sha256	2	45c7c36e7e8b832815d8b03651edc14f864b52e1c599e5336a1aaa0bd47ff3e3
Details	sha256	2	522c59bace844a3d76b674842373ddbf959fc5b352317b024dbf225f536a641e
Details	sha256	2	16ab933ad01d73120ee5b764c12057ff7f6dc3063bbc377cdb87419a30532323
Details	sha256	2	9d10ac2a2c7c58f1e1d4b745746aa5f0ce699c0db87ccca43418435faa03ad1b
Details	sha256	2	c4039cd7db24158be51da9010e6a367f5253f40f007b656407fb69d279732784
Details	sha256	2	2a6fe431326accaf31ea7ca7cd1214ad5efca891619859bcf60671a62c8d81f4
Details	sha256	2	258edbbac7e78b4f51433807b237fc0ed7f76031795ea48a4fefb38949f9b3b6
Details	sha256	2	a3010f206656752fad70ef7637947933152e7adc883b43d0832b2234c8e6f968
Details	sha256	2	e037839a3dacc3153754a156136e9ead2f4c52939fe869b3981c4bb5114202c8
Details	sha256	2	f8b80978d4548139e824863dd661e40af4c2523c3e93547e4f167a749e108280
Details	sha256	2	b157beac5516d05a014527b3f0fe4b01683caac9fff6608b67a8ba62df5ef838
Details	sha256	2	2384fda35a293b5f5b32b09e8dc455e7ce40a92d25cd9baceeab494785426b46
Details	sha256	2	9ff65052fe93a884d7bce36e87f4de104839f72f26af66785b2d98eab706c816
Details	sha256	2	31c936d08e9ba8fda86844f67363223bdb6a917f530571abcb3f584874909fea
Details	sha256	2	00f24ac0ad19dc3ee05a112f7650aaba16041020263ea851c90f3c0a61c7ec57
Details	sha256	2	b0e5bb79cdfad284d88bc26db4289a51f114cc71c928e8a9951dc8c498a243b9
Details	sha256	2	095e85ebe2155798fb3a5fbd57196cf377b56fb2176cff3a776302dcb806237d
Details	sha256	2	b36bff265ee47d31e4c70ee78badcfcc0de89643da61c1bf16ba2d6f36a62936
Details	sha256	2	e41ab2de9ccffe3aaddb32c224114d88d2e61c02d52f89829b544f49b672d74d
Details	sha256	2	59df3b32a0d3fefb15c6aab7d9254e597484a486156cbc1f403a376a8a0c25fb
Details	sha256	2	043720f493ca7a2b2e18ccd7aec8cb8d577f544aae02975bfe313046e839f107
Details	sha256	2	83f7d60d172628e421ef038566f449e8708573201c8f23398f0f06b5f33123da
Details	sha256	2	58c60164aaa23777e5a8dbba25c4466a5b1eca54ef8cf02ba2cd1ab7084753be
Details	sha256	2	f3da0c082eb271a2f0dd54f2a3260bfc02bdf311ebcb1c619d479fcbb1e9f6f5