tinba | e63c05f3d721f2bad7458e2f32ab8a256e048eb56a63e9a01ded4fc0e6ad0d90 | Triage

Sharing

General

Target

f1564f1d95508062a03d58b2f5ce4e99_JaffaCakes118
Size

160KB
Sample

240415-secv3shc93
MD5

f1564f1d95508062a03d58b2f5ce4e99
SHA1

ee7fa2296d8dcf2b5fe0292acffe4c7051ec2b60
SHA256

e63c05f3d721f2bad7458e2f32ab8a256e048eb56a63e9a01ded4fc0e6ad0d90
SHA512

a46a2e4bd7bd78ad8cda131405b2c29f673d2123ce8e64390f86fe9cc378b3bdd5114afdd8c11f8f0edc83a4eacfb378e0f7700b55130fa7b83934e78cd0e65e
SSDEEP

1536:CEY+mFM2HXKZgi0Iksu+XM5/HtAQ9J6xph:JY+4MiIkLZJNAQ9J6v

Score

10^/10

tinba banker persistence trojan upx

Malware Config

Targets

- Target
  
  f1564f1d95508062a03d58b2f5ce4e99_JaffaCakes118
- Size
  
  160KB
- MD5
  
  f1564f1d95508062a03d58b2f5ce4e99
- SHA1
  
  ee7fa2296d8dcf2b5fe0292acffe4c7051ec2b60
- SHA256
  
  e63c05f3d721f2bad7458e2f32ab8a256e048eb56a63e9a01ded4fc0e6ad0d90
- SHA512
  
  a46a2e4bd7bd78ad8cda131405b2c29f673d2123ce8e64390f86fe9cc378b3bdd5114afdd8c11f8f0edc83a4eacfb378e0f7700b55130fa7b83934e78cd0e65e
- SSDEEP
  
  1536:CEY+mFM2HXKZgi0Iksu+XM5/HtAQ9J6xph:JY+4MiIkLZJNAQ9J6v
Score

10^/10

tinba banker persistence trojan upx
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

tinbabankerpersistencetrojanupx

behavioral2

tinbabankerpersistencetrojanupx