tinba | 078c77324aa511bb9e8b772f9a0d72f166779313fabc4c06cfbd14e7529abc46 | Triage

Sharing

General

Target

078c77324aa511bb9e8b772f9a0d72f166779313fabc4c06cfbd14e7529abc46_NeikiAnalytics
Size

50KB
Sample

240521-gdspcsea27
MD5

b43ad751ddcfd26e4ed736f990cda6c0
SHA1

daef7cd4d493c30c4468bc70df1e5eb3fb35cb7a
SHA256

078c77324aa511bb9e8b772f9a0d72f166779313fabc4c06cfbd14e7529abc46
SHA512

5ecb853e684b133faf871c318c011c1b429a2367e9cd542a11a368b2713924df1196fcd10d64e9b6d3b9088bb007b0d59061d49e46d845a8786fc679b52d7186
SSDEEP

768:zlwOcWnZjJ8rj0KRidj+LeOKmTKKUNy3pfF1eOB8NPCjgoiHsz:zJPnZWrBeOKmTeNy3pfLc8esz

Score

10^/10

tinba banker persistence trojan

Malware Config

Targets

- Target
  
  078c77324aa511bb9e8b772f9a0d72f166779313fabc4c06cfbd14e7529abc46_NeikiAnalytics
- Size
  
  50KB
- MD5
  
  b43ad751ddcfd26e4ed736f990cda6c0
- SHA1
  
  daef7cd4d493c30c4468bc70df1e5eb3fb35cb7a
- SHA256
  
  078c77324aa511bb9e8b772f9a0d72f166779313fabc4c06cfbd14e7529abc46
- SHA512
  
  5ecb853e684b133faf871c318c011c1b429a2367e9cd542a11a368b2713924df1196fcd10d64e9b6d3b9088bb007b0d59061d49e46d845a8786fc679b52d7186
- SSDEEP
  
  768:zlwOcWnZjJ8rj0KRidj+LeOKmTKKUNy3pfF1eOB8NPCjgoiHsz:zJPnZWrBeOKmTeNy3pfLc8esz
Score

10^/10

tinba banker persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

tinbabankerpersistencetrojan

behavioral2