tinba | e6a9b4f9b5f7eefa8869022a59e6bc6327ab74fff1819feb907c0de939a272cb | Triage

Sharing

General

Target

65c62d6bb00bdd797b287553cc7d841b.zip
Size

40KB
Sample

240903-lghqsathra
MD5

48059b26f0d1faf5c0dba32a23fe1dec
SHA1

3cbdebc55fa7df8dbf3f6d0d748244b192ea5030
SHA256

e6a9b4f9b5f7eefa8869022a59e6bc6327ab74fff1819feb907c0de939a272cb
SHA512

e6eca10e6bc1747491c8ed8cdad24eeeea92a50af42a0301787b3496e958f81489946d70f2efedf2c53bd80278801283ce6a609cb63e4d031d33be82586333c5
SSDEEP

768:iDLFLAABP4gqU2vPf5gFTUybWBNabjai3wqTftIpq4Lxpa7R4WtbG3Nn4DfM9aR:iHyANI5vpgFTYkTwqTftS7mNtid4DfM8

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  8d389194a6aa4dc6aa6165a9bdc9095fb6eb4d55c76797fd458128721ac2ba6c
- Size
  
  96KB
- MD5
  
  65c62d6bb00bdd797b287553cc7d841b
- SHA1
  
  da69dd05a4887f5a8e27cbacd3801caea1abcfae
- SHA256
  
  8d389194a6aa4dc6aa6165a9bdc9095fb6eb4d55c76797fd458128721ac2ba6c
- SHA512
  
  e6149ef7ddfc0d55b45ce5e4802ba065831d5954490702b7eca706de0d0a9a83b8d0a28f09ea5544dbd01ad61d17bafb52c39675cfeace611df0d26c51c1ceb6
- SSDEEP
  
  1536:1iLOvRmmQegJW3aOgBbmAQ256/ZrwWnwqjhurmKFct:1iyvRmQKTLs/ZrwWJjAqGct
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2

tinbabankerdiscoverypersistencetrojan