tinba | a650934c45102e2b38a73b4acf213730ffd39c4792bc3cc7b49d3c030980994d | Triage

Sharing

General

Target

f923e45694d3280e9663a4c8adc7602c_JaffaCakes118
Size

160KB
Sample

240419-a8azgabg36
MD5

f923e45694d3280e9663a4c8adc7602c
SHA1

08b4b1841d5351b9d26141a2c0e9b941b7e0f188
SHA256

a650934c45102e2b38a73b4acf213730ffd39c4792bc3cc7b49d3c030980994d
SHA512

b24f23e93fb27f27dd4f5ce18a8073adcd2ed34fc3ae09f7b4a1b0bb330d396f05c5e3edf7ad872281119c7bfa7e12f43a7cb40c34bb12748cb0a9bffe98225d
SSDEEP

1536:6EY+mFM2HXKZgi0Iksu+XM5/HtAQ9J6xph:xY+4MiIkLZJNAQ9J6v

Score

10^/10

tinba banker persistence trojan upx

Malware Config

Targets

- Target
  
  f923e45694d3280e9663a4c8adc7602c_JaffaCakes118
- Size
  
  160KB
- MD5
  
  f923e45694d3280e9663a4c8adc7602c
- SHA1
  
  08b4b1841d5351b9d26141a2c0e9b941b7e0f188
- SHA256
  
  a650934c45102e2b38a73b4acf213730ffd39c4792bc3cc7b49d3c030980994d
- SHA512
  
  b24f23e93fb27f27dd4f5ce18a8073adcd2ed34fc3ae09f7b4a1b0bb330d396f05c5e3edf7ad872281119c7bfa7e12f43a7cb40c34bb12748cb0a9bffe98225d
- SSDEEP
  
  1536:6EY+mFM2HXKZgi0Iksu+XM5/HtAQ9J6xph:xY+4MiIkLZJNAQ9J6v
Score

10^/10

tinba banker persistence trojan upx
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

tinbabankerpersistencetrojanupx

behavioral2

tinbabankerpersistencetrojanupx