tinba | 47127344123617a651d68be1373704fe2adbac1a3c4ca5493b5cb7d44657335b | Triage

Sharing

General

Target

47127344123617a651d68be1373704fe2adbac1a3c4ca5493b5cb7d44657335b_NeikiAnalytics.exe
Size

225KB
Sample

240624-gt352asdqn
MD5

cac0326d71456a68e3021f43480010f0
SHA1

49a14f7fa75365d16ecccc5bd0a43b1025c3d197
SHA256

47127344123617a651d68be1373704fe2adbac1a3c4ca5493b5cb7d44657335b
SHA512

0055ec191fcd976ab97b6db28fd5ac4f40d1c540b102d6af4909e8eca836245c0f1356c81de4df833e0a50e227f6ecb5ac20a88d4863d0f06d1af2ebe00fcd3b
SSDEEP

6144:CA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:CATuTAnKGwUAW3ycQqgf

Score

10^/10

tinba banker persistence trojan

Malware Config

Targets

- Target
  
  47127344123617a651d68be1373704fe2adbac1a3c4ca5493b5cb7d44657335b_NeikiAnalytics.exe
- Size
  
  225KB
- MD5
  
  cac0326d71456a68e3021f43480010f0
- SHA1
  
  49a14f7fa75365d16ecccc5bd0a43b1025c3d197
- SHA256
  
  47127344123617a651d68be1373704fe2adbac1a3c4ca5493b5cb7d44657335b
- SHA512
  
  0055ec191fcd976ab97b6db28fd5ac4f40d1c540b102d6af4909e8eca836245c0f1356c81de4df833e0a50e227f6ecb5ac20a88d4863d0f06d1af2ebe00fcd3b
- SSDEEP
  
  6144:CA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:CATuTAnKGwUAW3ycQqgf
Score

10^/10

tinba banker persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

tinbabankerpersistencetrojan

behavioral2