tinba | 8bb921e164ccea49485ca346dec333fa2142d670bb7d6e7058faf205957ebc59 | Triage

Submit
Reports

Overview

overview

Static

static

8bb921e164...59.exe

windows7-x64

8bb921e164...59.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

8bb921e164ccea49485ca346dec333fa2142d670bb7d6e7058faf205957ebc59
Size

60KB
Sample

240424-w5x6gsfa5z
MD5

4066b03dcae627d0c994bc8709c1b690
SHA1

a7876ba3044196f04d956cf98642538ca71bdd18
SHA256

8bb921e164ccea49485ca346dec333fa2142d670bb7d6e7058faf205957ebc59
SHA512

9a218b20c63f9ecf3a56bbaa0b367eaa85caba15df352ccec9b3c754d5e62fb75a25b967df4245891135e640d4acdbccad524ae719d05b5ede7ac08a623a2c07
SSDEEP

768:o8kXsqXMRKbsc+nJUlez5eYEqT5yXsqJRU7ihG1gfFNsHWP4jBS:907bszJUyeYEocJiu4gfFi2+A

Score

10^/10

tinba banker persistence trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

8bb921e164ccea49485ca346dec333fa2142d670bb7d6e7058faf205957ebc59.exe

Resource

win7-20240221-en

tinba banker persistence trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

8bb921e164ccea49485ca346dec333fa2142d670bb7d6e7058faf205957ebc59.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  8bb921e164ccea49485ca346dec333fa2142d670bb7d6e7058faf205957ebc59
- Size
  
  60KB
- MD5
  
  4066b03dcae627d0c994bc8709c1b690
- SHA1
  
  a7876ba3044196f04d956cf98642538ca71bdd18
- SHA256
  
  8bb921e164ccea49485ca346dec333fa2142d670bb7d6e7058faf205957ebc59
- SHA512
  
  9a218b20c63f9ecf3a56bbaa0b367eaa85caba15df352ccec9b3c754d5e62fb75a25b967df4245891135e640d4acdbccad524ae719d05b5ede7ac08a623a2c07
- SSDEEP
  
  768:o8kXsqXMRKbsc+nJUlez5eYEqT5yXsqJRU7ihG1gfFNsHWP4jBS:907bszJUyeYEocJiu4gfFi2+A
Score

10^/10

tinba banker persistence trojan upx
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- UPX dump on OEP (original entry point)
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerpersistencetrojanupx

behavioral2

© 2018-2025

Terms | Privacy