tinba | 66fc0c144afb18927ba793f131bac3afa379fec65b80f0d5bfac7e91b80d9bc3 | Triage

Sharing

General

Target

66fc0c144afb18927ba793f131bac3afa379fec65b80f0d5bfac7e91b80d9bc3
Size

225KB
Sample

240623-2e2c4syerr
MD5

9eed549759ae5a06b114c2b891778660
SHA1

422d846b2fef66eab815322f46974b581e8ecf59
SHA256

66fc0c144afb18927ba793f131bac3afa379fec65b80f0d5bfac7e91b80d9bc3
SHA512

b14094d0b8f99858fcc6304cf5c225cd27ff2212d6c40bb912d0434dc8ed6d677490702dfae379e2671b1fd202a178d16c61cea419043bd157e87fee0f85bac3
SSDEEP

6144:nA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:nATuTAnKGwUAW3ycQqgf

Score

10^/10

tinba banker persistence trojan

Malware Config

Targets

- Target
  
  66fc0c144afb18927ba793f131bac3afa379fec65b80f0d5bfac7e91b80d9bc3
- Size
  
  225KB
- MD5
  
  9eed549759ae5a06b114c2b891778660
- SHA1
  
  422d846b2fef66eab815322f46974b581e8ecf59
- SHA256
  
  66fc0c144afb18927ba793f131bac3afa379fec65b80f0d5bfac7e91b80d9bc3
- SHA512
  
  b14094d0b8f99858fcc6304cf5c225cd27ff2212d6c40bb912d0434dc8ed6d677490702dfae379e2671b1fd202a178d16c61cea419043bd157e87fee0f85bac3
- SSDEEP
  
  6144:nA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:nATuTAnKGwUAW3ycQqgf
Score

10^/10

tinba banker persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

tinbabankerpersistencetrojan

behavioral2