tinba | 2e61532ad6cf141ffdfa9a23e35421bf3b4705b9a78f43afb8e7329211ac7c09 | Triage

Sharing

General

Target

c98ff1c8c1ba63c66a765d240d885a2f
Size

160KB
Sample

240314-zd5m2agf46
MD5

c98ff1c8c1ba63c66a765d240d885a2f
SHA1

3938a1efe8a094e4a2c79db88ad73ab81cdf97dd
SHA256

2e61532ad6cf141ffdfa9a23e35421bf3b4705b9a78f43afb8e7329211ac7c09
SHA512

1bb5f70b428db86a8b4e50c96d2645ae8181bad2cbd249e17d81cf48d527902380e6b9833e163d07f763b330c986bfa17f873785714bd292d5888f4b39cce363
SSDEEP

1536:eEY+mFM2HXKZgi0Iksu+XM5/HtAQ9J6xph:VY+4MiIkLZJNAQ9J6v

Score

10^/10

tinba banker persistence trojan upx

Malware Config

Targets

- Target
  
  c98ff1c8c1ba63c66a765d240d885a2f
- Size
  
  160KB
- MD5
  
  c98ff1c8c1ba63c66a765d240d885a2f
- SHA1
  
  3938a1efe8a094e4a2c79db88ad73ab81cdf97dd
- SHA256
  
  2e61532ad6cf141ffdfa9a23e35421bf3b4705b9a78f43afb8e7329211ac7c09
- SHA512
  
  1bb5f70b428db86a8b4e50c96d2645ae8181bad2cbd249e17d81cf48d527902380e6b9833e163d07f763b330c986bfa17f873785714bd292d5888f4b39cce363
- SSDEEP
  
  1536:eEY+mFM2HXKZgi0Iksu+XM5/HtAQ9J6xph:VY+4MiIkLZJNAQ9J6v
Score

10^/10

tinba banker persistence trojan upx
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerpersistencetrojanupx

behavioral2

tinbabankerpersistencetrojanupx