tinba | 685dab2ff06839a9585ce8b0aede037364a4ac1c284d4aa1bbc3b462d69343cc | Triage

Sharing

General

Target

f1e64d25c6a87b83b62fe6513100b24c_JaffaCakes118
Size

160KB
Sample

240415-znjhjsab9s
MD5

f1e64d25c6a87b83b62fe6513100b24c
SHA1

b908f972ea5a81e9976b65c14b134c700cb1f4fb
SHA256

685dab2ff06839a9585ce8b0aede037364a4ac1c284d4aa1bbc3b462d69343cc
SHA512

8915978e9b09326cbe2a3145cc9662c06c360c5f46714e46c47784009a0c8488ac8104880fc8353929a3c39412c4a434e560ef308075e119f19b74870470bd06
SSDEEP

1536:yEY+mFM2HXKZgi0Iksu+XM5/HtAQ9J6xph:5Y+4MiIkLZJNAQ9J6v

Score

10^/10

tinba banker persistence trojan upx

Malware Config

Targets

- Target
  
  f1e64d25c6a87b83b62fe6513100b24c_JaffaCakes118
- Size
  
  160KB
- MD5
  
  f1e64d25c6a87b83b62fe6513100b24c
- SHA1
  
  b908f972ea5a81e9976b65c14b134c700cb1f4fb
- SHA256
  
  685dab2ff06839a9585ce8b0aede037364a4ac1c284d4aa1bbc3b462d69343cc
- SHA512
  
  8915978e9b09326cbe2a3145cc9662c06c360c5f46714e46c47784009a0c8488ac8104880fc8353929a3c39412c4a434e560ef308075e119f19b74870470bd06
- SSDEEP
  
  1536:yEY+mFM2HXKZgi0Iksu+XM5/HtAQ9J6xph:5Y+4MiIkLZJNAQ9J6v
Score

10^/10

tinba banker persistence trojan upx
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

tinbabankerpersistencetrojanupx

behavioral2

tinbabankerpersistencetrojanupx