tinba | 2beb88afa4c3293925fc8175d654d135c60e4aa5303616ab13f040a771370411 | Triage

Sharing

General

Target

02cf184b6b3655d8a8cfc46d3ad98130_JaffaCakes118
Size

98KB
Sample

240427-j54baaee76
MD5

02cf184b6b3655d8a8cfc46d3ad98130
SHA1

d0fa3b894c09f856e9c882d922a9d288c23e0a38
SHA256

2beb88afa4c3293925fc8175d654d135c60e4aa5303616ab13f040a771370411
SHA512

3a3b6dd96c2bdfe5f9ca0b7297173cf9d454ac9c1ea61387900cfc782ab000dc858c287eb5ffea154248b212dcfb26b1b7b5f026485fdfe3e76fdca7bd0d0407
SSDEEP

1536:0MWO4O9IR5Zw1WvO1+QrK/F2BZhWv0ua/Kub/HPHn5ujt+UYxPfMVxe:0ML4O96w0G1+au2BZhWMuaCwv4IPf1

Score

10^/10

tinba banker persistence trojan

Malware Config

Targets

- Target
  
  02cf184b6b3655d8a8cfc46d3ad98130_JaffaCakes118
- Size
  
  98KB
- MD5
  
  02cf184b6b3655d8a8cfc46d3ad98130
- SHA1
  
  d0fa3b894c09f856e9c882d922a9d288c23e0a38
- SHA256
  
  2beb88afa4c3293925fc8175d654d135c60e4aa5303616ab13f040a771370411
- SHA512
  
  3a3b6dd96c2bdfe5f9ca0b7297173cf9d454ac9c1ea61387900cfc782ab000dc858c287eb5ffea154248b212dcfb26b1b7b5f026485fdfe3e76fdca7bd0d0407
- SSDEEP
  
  1536:0MWO4O9IR5Zw1WvO1+QrK/F2BZhWv0ua/Kub/HPHn5ujt+UYxPfMVxe:0ML4O96w0G1+au2BZhWMuaCwv4IPf1
Score

10^/10

tinba banker persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

tinbabankerpersistencetrojan

behavioral2