tinba | 6ae1a5817432b26199760998da3fa5eeb31febc2e0a702e38f0aa5d6596fff5e | Triage

Sharing

General

Target

6ae1a5817432b26199760998da3fa5eeb31febc2e0a702e38f0aa5d6596fff5e
Size

116KB
Sample

221127-r2pbysaa9w
MD5

7b05fe96d8b17a196dd8675d77f0b430
SHA1

328563ae5bd14e13b4c2d66be9d36eca0189c54c
SHA256

6ae1a5817432b26199760998da3fa5eeb31febc2e0a702e38f0aa5d6596fff5e
SHA512

cb6ae2e0d0166c31d60f7315d243468a0cd595e7d5685707412054214e2952052fc831c1b465c89a55ac9f7a934cda489310304deb0d23b16eca1e417c358722
SSDEEP

3072:TsKSBaVDr8SSe0LcNZ0dIreucsrZEkKtRG:TNSMVDrR8cNh

Score

10^/10

tinba banker persistence trojan

Malware Config

Targets

- Target
  
  6ae1a5817432b26199760998da3fa5eeb31febc2e0a702e38f0aa5d6596fff5e
- Size
  
  116KB
- MD5
  
  7b05fe96d8b17a196dd8675d77f0b430
- SHA1
  
  328563ae5bd14e13b4c2d66be9d36eca0189c54c
- SHA256
  
  6ae1a5817432b26199760998da3fa5eeb31febc2e0a702e38f0aa5d6596fff5e
- SHA512
  
  cb6ae2e0d0166c31d60f7315d243468a0cd595e7d5685707412054214e2952052fc831c1b465c89a55ac9f7a934cda489310304deb0d23b16eca1e417c358722
- SSDEEP
  
  3072:TsKSBaVDr8SSe0LcNZ0dIreucsrZEkKtRG:TNSMVDrR8cNh
Score

10^/10

tinba banker persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tinbabankerpersistencetrojan

behavioral2