Overview

overview

10

Static

static

2df52c9713...73.exe

windows7_x64

10

2df52c9713...73.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2df52c9713c926a3640558f3446334001f6a9b0747849cda74039c0674b39573

  • Size

    98KB

  • Sample

    210509-6sl6qdctsa

  • MD5

    c266bc48d516ba152dac867159118ac0

  • SHA1

    76d3f461a28daadc027e95b8fe472df6a597452f

  • SHA256

    2df52c9713c926a3640558f3446334001f6a9b0747849cda74039c0674b39573

  • SHA512

    05e221c738ab83f3c09242080a9008f70a1a18fb9ea02595805478a76d2609d6773353cfdad3b68100038435d4aac994f7bf45325284d5f97c837fb531fc9d57

Score
10/10
tinbabankerpersistencetrojan

Malware Config

Targets

    • Target

      2df52c9713c926a3640558f3446334001f6a9b0747849cda74039c0674b39573

    • Size

      98KB

    • MD5

      c266bc48d516ba152dac867159118ac0

    • SHA1

      76d3f461a28daadc027e95b8fe472df6a597452f

    • SHA256

      2df52c9713c926a3640558f3446334001f6a9b0747849cda74039c0674b39573

    • SHA512

      05e221c738ab83f3c09242080a9008f70a1a18fb9ea02595805478a76d2609d6773353cfdad3b68100038435d4aac994f7bf45325284d5f97c837fb531fc9d57

    Score
    10/10
    tinbabankerpersistencetrojan

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

      trojanbankertinba

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks