tinba | 69ae78f003483214915bfa9b8502affbf52d2f98195e74a73c7843d17f0e2479 | Triage

Sharing

General

Target

c91cba1eef413febb2f0387c37c1f950_NeikiAnalytics.exe
Size

45KB
Sample

240526-mble6afe74
MD5

c91cba1eef413febb2f0387c37c1f950
SHA1

b60091916937639d5d96fda8e3076da93ab21e59
SHA256

69ae78f003483214915bfa9b8502affbf52d2f98195e74a73c7843d17f0e2479
SHA512

a219c3c3ed321dc0f3d208f064b3311c78491fed145f46b61bc86dbaf75b8485b5871d790c7c7ce77c47a1fa5132111123ad3ab17b2455dbb6bcaf56c14a9f8d
SSDEEP

768:yhP0kDE9N5dCA8J7VHXdrIniQaBTT+QQ+r1n4K8+C9TtIuCjaqUODvJVQ2f:+sWE9N5dFu53dsniQaB/xZ14n7zIF+qr

Score

10^/10

tinba banker persistence trojan upx

Malware Config

Targets

- Target
  
  c91cba1eef413febb2f0387c37c1f950_NeikiAnalytics.exe
- Size
  
  45KB
- MD5
  
  c91cba1eef413febb2f0387c37c1f950
- SHA1
  
  b60091916937639d5d96fda8e3076da93ab21e59
- SHA256
  
  69ae78f003483214915bfa9b8502affbf52d2f98195e74a73c7843d17f0e2479
- SHA512
  
  a219c3c3ed321dc0f3d208f064b3311c78491fed145f46b61bc86dbaf75b8485b5871d790c7c7ce77c47a1fa5132111123ad3ab17b2455dbb6bcaf56c14a9f8d
- SSDEEP
  
  768:yhP0kDE9N5dCA8J7VHXdrIniQaBTT+QQ+r1n4K8+C9TtIuCjaqUODvJVQ2f:+sWE9N5dFu53dsniQaB/xZ14n7zIF+qr
Score

10^/10

tinba banker persistence trojan upx
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

tinbabankerpersistencetrojanupx

behavioral2

tinbabankerpersistencetrojanupx