Overview

overview

10

Static

static

b54b3fda9d...fa.exe

windows7_x64

10

b54b3fda9d...fa.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b54b3fda9d23508c93d5f65d811ca3b213fd599de121ab7d27adf53c89d4fafa

  • Size

    98KB

  • Sample

    210508-g4n2njas4j

  • MD5

    b85653f4f16eafa426d7df006f259956

  • SHA1

    542c542b9337daf958691e15197e0330a5867561

  • SHA256

    b54b3fda9d23508c93d5f65d811ca3b213fd599de121ab7d27adf53c89d4fafa

  • SHA512

    82e884cad800bae0cd16621fe6a83800519d456ee936a7ae43c4308d228b6cf3621ba7ba19a4323c97eb026faca4fa3c56c530127134cfc2399e4c4c18f39c37

Score
10/10
tinbabankerpersistencetrojan

Malware Config

Targets

    • Target

      b54b3fda9d23508c93d5f65d811ca3b213fd599de121ab7d27adf53c89d4fafa

    • Size

      98KB

    • MD5

      b85653f4f16eafa426d7df006f259956

    • SHA1

      542c542b9337daf958691e15197e0330a5867561

    • SHA256

      b54b3fda9d23508c93d5f65d811ca3b213fd599de121ab7d27adf53c89d4fafa

    • SHA512

      82e884cad800bae0cd16621fe6a83800519d456ee936a7ae43c4308d228b6cf3621ba7ba19a4323c97eb026faca4fa3c56c530127134cfc2399e4c4c18f39c37

    Score
    10/10
    tinbabankerpersistencetrojan

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

      trojanbankertinba

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks