Overview

overview

10

Static

static

8fc589bedd...ca.exe

windows7_x64

10

8fc589bedd...ca.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8fc589bedd19c93aaf61e9377ff8524051061f928534696d534686647b0659ca

  • Size

    98KB

  • Sample

    210508-jrlvmta1jx

  • MD5

    b7a07bcf6758bb13cc0d6f86e3e79980

  • SHA1

    e14c019fccbe96c3880d11ab0d15427e24c694fa

  • SHA256

    8fc589bedd19c93aaf61e9377ff8524051061f928534696d534686647b0659ca

  • SHA512

    fed7c39476019aba7a427a237676652e6665913ed0bbf12da023265835679ed1fe01d6b2140c481ef6f79b2e04b5a1f4e5651c186c9e6e6bda682d24353fe664

Score
10/10
tinbabankerpersistencetrojan

Malware Config

Targets

    • Target

      8fc589bedd19c93aaf61e9377ff8524051061f928534696d534686647b0659ca

    • Size

      98KB

    • MD5

      b7a07bcf6758bb13cc0d6f86e3e79980

    • SHA1

      e14c019fccbe96c3880d11ab0d15427e24c694fa

    • SHA256

      8fc589bedd19c93aaf61e9377ff8524051061f928534696d534686647b0659ca

    • SHA512

      fed7c39476019aba7a427a237676652e6665913ed0bbf12da023265835679ed1fe01d6b2140c481ef6f79b2e04b5a1f4e5651c186c9e6e6bda682d24353fe664

    Score
    10/10
    tinbabankerpersistencetrojan

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

      trojanbankertinba

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks