tinba | db22ed4059ac26c750bd0894b92cf9a30ca2c0ecf4ab572dd7c8f59d973188d8 | Triage

Sharing

General

Target

004102493fba2aae71e3bf9ef44c4bf4_JaffaCakes118
Size

136KB
Sample

240426-h2j8kabe27
MD5

004102493fba2aae71e3bf9ef44c4bf4
SHA1

9a27834eb538ea041fc170ed4e1179b9d3ad94f1
SHA256

db22ed4059ac26c750bd0894b92cf9a30ca2c0ecf4ab572dd7c8f59d973188d8
SHA512

18015ca7327e8f919338960016ee33927eb5e5b1a156a7449e6709898d2268ae8abc00f0c3511501a4224777789ca519752a6631cf79190fc42ef99c466460fa
SSDEEP

3072:NJmGKw0BiaynVRDwFwaSNDe1Fclgr+0StmnJza3yD/C8:+1w0Bfjwve1FbRWmYiZ

Score

10^/10

tinba banker persistence trojan

Malware Config

Targets

- Target
  
  004102493fba2aae71e3bf9ef44c4bf4_JaffaCakes118
- Size
  
  136KB
- MD5
  
  004102493fba2aae71e3bf9ef44c4bf4
- SHA1
  
  9a27834eb538ea041fc170ed4e1179b9d3ad94f1
- SHA256
  
  db22ed4059ac26c750bd0894b92cf9a30ca2c0ecf4ab572dd7c8f59d973188d8
- SHA512
  
  18015ca7327e8f919338960016ee33927eb5e5b1a156a7449e6709898d2268ae8abc00f0c3511501a4224777789ca519752a6631cf79190fc42ef99c466460fa
- SSDEEP
  
  3072:NJmGKw0BiaynVRDwFwaSNDe1Fclgr+0StmnJza3yD/C8:+1w0Bfjwve1FbRWmYiZ
Score

10^/10

tinba banker persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerpersistencetrojan

behavioral2

tinbabankerpersistencetrojan