tinba | f18f5d25ad4f674066fb32d33db9e68138514e1c48cb9ad627ef8da5a3d80952 | Triage

Sharing

General

Target

f18f5d25ad4f674066fb32d33db9e68138514e1c48cb9ad627ef8da5a3d80952
Size

84KB
Sample

221127-tk3t5aae84
MD5

ad08725b07e785fda98be9b672c3142f
SHA1

e20382e68a14754cff479be1b0bdd218479bce44
SHA256

f18f5d25ad4f674066fb32d33db9e68138514e1c48cb9ad627ef8da5a3d80952
SHA512

8a7d37b6f5ef2f9ce6aff319d3267d2ecc6990b1f4b2ab0b1dbab0d82711bc186ede310334bf122da386ab508e6226de0d93f4e566c0d61d347f1ec42fa6e6e8
SSDEEP

768:NL2nV/xf1YW47yg8AsO4KZEMEl1Vpil/MsK3LQCsV5OKuulwUPcbvCBdKejQg:NLQ91YXOJljcqs5CY4KLlw/bXeN

Score

10^/10

tinba banker persistence trojan

Malware Config

Targets

- Target
  
  f18f5d25ad4f674066fb32d33db9e68138514e1c48cb9ad627ef8da5a3d80952
- Size
  
  84KB
- MD5
  
  ad08725b07e785fda98be9b672c3142f
- SHA1
  
  e20382e68a14754cff479be1b0bdd218479bce44
- SHA256
  
  f18f5d25ad4f674066fb32d33db9e68138514e1c48cb9ad627ef8da5a3d80952
- SHA512
  
  8a7d37b6f5ef2f9ce6aff319d3267d2ecc6990b1f4b2ab0b1dbab0d82711bc186ede310334bf122da386ab508e6226de0d93f4e566c0d61d347f1ec42fa6e6e8
- SSDEEP
  
  768:NL2nV/xf1YW47yg8AsO4KZEMEl1Vpil/MsK3LQCsV5OKuulwUPcbvCBdKejQg:NLQ91YXOJljcqs5CY4KLlw/bXeN
Score

10^/10

tinba banker persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

tinbabankerpersistencetrojan

behavioral2