tinba | baf8d5aa1f8fc433e8220e5ea413c09e91e19e6f7f802cd7c1331f63417e9042 | Triage

Sharing

General

Target

baf8d5aa1f8fc433e8220e5ea413c09e91e19e6f7f802cd7c1331f63417e9042
Size

237KB
Sample

240704-dfptpssgkd
MD5

26d5a8fb64fa5ec2fe88b4486dc296ec
SHA1

b44193b1d8d9f9049b411b85751b4d338d04b14d
SHA256

baf8d5aa1f8fc433e8220e5ea413c09e91e19e6f7f802cd7c1331f63417e9042
SHA512

345a4c2d8cc08ac15f55abe9d16f1f7a58d303f08a6be93d27d3e12640428f6e769c533ba70a3e18fe6fd6089a209902d37fff5d4690c7c0fb03afc7b47d1c9a
SSDEEP

6144:WA2P27yTAnKGw0hjFhSR/W1nyAJ9v0pMtRCpYQ:WATuTAnKGwUAWVycQqgj

Score

10^/10

tinba banker persistence trojan

Malware Config

Targets

- Target
  
  baf8d5aa1f8fc433e8220e5ea413c09e91e19e6f7f802cd7c1331f63417e9042
- Size
  
  237KB
- MD5
  
  26d5a8fb64fa5ec2fe88b4486dc296ec
- SHA1
  
  b44193b1d8d9f9049b411b85751b4d338d04b14d
- SHA256
  
  baf8d5aa1f8fc433e8220e5ea413c09e91e19e6f7f802cd7c1331f63417e9042
- SHA512
  
  345a4c2d8cc08ac15f55abe9d16f1f7a58d303f08a6be93d27d3e12640428f6e769c533ba70a3e18fe6fd6089a209902d37fff5d4690c7c0fb03afc7b47d1c9a
- SSDEEP
  
  6144:WA2P27yTAnKGw0hjFhSR/W1nyAJ9v0pMtRCpYQ:WATuTAnKGwUAWVycQqgj
Score

10^/10

tinba banker persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

tinbabankerpersistencetrojan

behavioral2