Overview

overview

10

Static

static

467bbac28c...b8.exe

windows7_x64

10

467bbac28c...b8.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    467bbac28ce941c681318755a83fd2753e7e182b0f7de1d73fa5a730e3a1d2b8

  • Size

    98KB

  • Sample

    210508-2fmjp8xbs2

  • MD5

    d655e5bcceacab0add4691f419d2cc7f

  • SHA1

    c2dfc020ce9ff1496bbfbdbe6d9ebcca1e6509b7

  • SHA256

    467bbac28ce941c681318755a83fd2753e7e182b0f7de1d73fa5a730e3a1d2b8

  • SHA512

    e133d04097c4cadacd5c5dfcd5c4b5040fb585d431aee34c69592816c3a4fd265cd7d1734ce460f69419052cb8ec6161820dbe4a3838e934fcec0aee36aeff23

Score
10/10
tinbabankerpersistencetrojan

Malware Config

Targets

    • Target

      467bbac28ce941c681318755a83fd2753e7e182b0f7de1d73fa5a730e3a1d2b8

    • Size

      98KB

    • MD5

      d655e5bcceacab0add4691f419d2cc7f

    • SHA1

      c2dfc020ce9ff1496bbfbdbe6d9ebcca1e6509b7

    • SHA256

      467bbac28ce941c681318755a83fd2753e7e182b0f7de1d73fa5a730e3a1d2b8

    • SHA512

      e133d04097c4cadacd5c5dfcd5c4b5040fb585d431aee34c69592816c3a4fd265cd7d1734ce460f69419052cb8ec6161820dbe4a3838e934fcec0aee36aeff23

    Score
    10/10
    tinbabankerpersistencetrojan

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

      trojanbankertinba

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks