tinba | 09b7d02191ef724b6a1a0289a95e6ff3a378758f0d01b80fdaa688bda09f11f0 | Triage

Sharing

General

Target

80f4ac522e4d863e580fd20604a71890.bin
Size

58KB
Sample

240602-bzszcsfa42
MD5

80f4ac522e4d863e580fd20604a71890
SHA1

daaf9f7c9d60b9b0959481d94a01d05099dc5847
SHA256

09b7d02191ef724b6a1a0289a95e6ff3a378758f0d01b80fdaa688bda09f11f0
SHA512

3543037a73b86470ecc00d7c06ee8288340072c354ee845d8b9c1195389337de612e2691ebbe2c9012fae19111fb0f0106b9147a8ba4f13dea05baa373163286
SSDEEP

768:2NMbiFKoELVxrcCsUmWkpbrD7GpxkTIzQMBIm6aNGyUwq9JaTovtebSo:2WBoEcCsUVEbr+BZG1CutY

Score

10^/10

tinba banker persistence trojan

Malware Config

Targets

- Target
  
  80f4ac522e4d863e580fd20604a71890.bin
- Size
  
  58KB
- MD5
  
  80f4ac522e4d863e580fd20604a71890
- SHA1
  
  daaf9f7c9d60b9b0959481d94a01d05099dc5847
- SHA256
  
  09b7d02191ef724b6a1a0289a95e6ff3a378758f0d01b80fdaa688bda09f11f0
- SHA512
  
  3543037a73b86470ecc00d7c06ee8288340072c354ee845d8b9c1195389337de612e2691ebbe2c9012fae19111fb0f0106b9147a8ba4f13dea05baa373163286
- SSDEEP
  
  768:2NMbiFKoELVxrcCsUmWkpbrD7GpxkTIzQMBIm6aNGyUwq9JaTovtebSo:2WBoEcCsUVEbr+BZG1CutY
Score

10^/10

tinba banker persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

tinbabankerpersistencetrojan