Overview

overview

10

Static

static

b88d035f76...00.exe

windows7-x64

10

b88d035f76...00.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b88d035f7654fc621cc6c4f3b58fded65272e7576b8e78bbc78b7dd4d524b700

  • Size

    65KB

  • Sample

    221128-v23fcscd52

  • MD5

    eff66439bbbae2cd2194ba453ac3d977

  • SHA1

    9d171e379afcdeedb2430a62ca43fd2b30a37995

  • SHA256

    b88d035f7654fc621cc6c4f3b58fded65272e7576b8e78bbc78b7dd4d524b700

  • SHA512

    8ac468e0eb61c8916f3ff43128062ce416fc50aa7ae10a7f12f2ef996a0701ccbe63bdd1c2bc2d81dee9f240da61413d7b7019194f32e27ed2a916523fec593d

  • SSDEEP

    1536:Ck8VC0V3/h7puxJxcZGRUPPnpNbx05Cxk:Ck8VC0jpOs1pNbG5d

Score
10/10
tinbabankerpersistencetrojan

Malware Config

Targets

    • Target

      b88d035f7654fc621cc6c4f3b58fded65272e7576b8e78bbc78b7dd4d524b700

    • Size

      65KB

    • MD5

      eff66439bbbae2cd2194ba453ac3d977

    • SHA1

      9d171e379afcdeedb2430a62ca43fd2b30a37995

    • SHA256

      b88d035f7654fc621cc6c4f3b58fded65272e7576b8e78bbc78b7dd4d524b700

    • SHA512

      8ac468e0eb61c8916f3ff43128062ce416fc50aa7ae10a7f12f2ef996a0701ccbe63bdd1c2bc2d81dee9f240da61413d7b7019194f32e27ed2a916523fec593d

    • SSDEEP

      1536:Ck8VC0V3/h7puxJxcZGRUPPnpNbx05Cxk:Ck8VC0jpOs1pNbG5d

    Score
    10/10
    tinbabankerpersistencetrojan

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

      trojanbankertinba

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks