Overview

overview

10

Static

static

ac0fa8702f...92.exe

windows7_x64

10

ac0fa8702f...92.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ac0fa8702f9c158e4190df014f41adc0eb919f8d5cd3209cf770a143542b5792

  • Size

    152KB

  • Sample

    210509-j7crtac9vn

  • MD5

    d6c2ff3bcc79d6764ddb54776732c0f2

  • SHA1

    106dc61e37571e3a479d80e83d459024d689e267

  • SHA256

    ac0fa8702f9c158e4190df014f41adc0eb919f8d5cd3209cf770a143542b5792

  • SHA512

    dec13d7f15cbf2b6ce02138699884b6ac30f719dec896c2bc12be20fac891db5890bc1409bab62857f67b55d40e17b21b1b246b58584eded2a54c1abb3f638ca

Score
10/10
tinbabankerpersistencetrojan

Malware Config

Targets

    • Target

      ac0fa8702f9c158e4190df014f41adc0eb919f8d5cd3209cf770a143542b5792

    • Size

      152KB

    • MD5

      d6c2ff3bcc79d6764ddb54776732c0f2

    • SHA1

      106dc61e37571e3a479d80e83d459024d689e267

    • SHA256

      ac0fa8702f9c158e4190df014f41adc0eb919f8d5cd3209cf770a143542b5792

    • SHA512

      dec13d7f15cbf2b6ce02138699884b6ac30f719dec896c2bc12be20fac891db5890bc1409bab62857f67b55d40e17b21b1b246b58584eded2a54c1abb3f638ca

    Score
    10/10
    tinbabankerpersistencetrojan

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

      trojanbankertinba

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks