tinba | 77362afa6a8f86a23fe21729908ff8525c87b07d1e49e178eed54d8e08c8ed05 | Triage

Sharing

General

Target

d298f5d73413c3f4f9bcaea59b1f2970N
Size

34KB
Sample

240914-qkhx6swdqg
MD5

d298f5d73413c3f4f9bcaea59b1f2970
SHA1

779f7b3154f4bf88dfb18a236e4b17738021ada6
SHA256

77362afa6a8f86a23fe21729908ff8525c87b07d1e49e178eed54d8e08c8ed05
SHA512

bde26aab8456f82eea1793c9be6dc5be9f216e997bbe8d4b4b1e909849556130eb6bbabda66f81c510e4f49edabe536c54201e3116400d89838a4080c3041da6
SSDEEP

768:wp22qWFcy5XQ7lO41uirwA98p3MpkNBxd0cJWV6dy/x9J2:wpYoX58z1uirL98xMWnT0OQ9J2

Score

10^/10

tinba banker discovery persistence trojan upx

Malware Config

Targets

- Target
  
  d298f5d73413c3f4f9bcaea59b1f2970N
- Size
  
  34KB
- MD5
  
  d298f5d73413c3f4f9bcaea59b1f2970
- SHA1
  
  779f7b3154f4bf88dfb18a236e4b17738021ada6
- SHA256
  
  77362afa6a8f86a23fe21729908ff8525c87b07d1e49e178eed54d8e08c8ed05
- SHA512
  
  bde26aab8456f82eea1793c9be6dc5be9f216e997bbe8d4b4b1e909849556130eb6bbabda66f81c510e4f49edabe536c54201e3116400d89838a4080c3041da6
- SSDEEP
  
  768:wp22qWFcy5XQ7lO41uirwA98p3MpkNBxd0cJWV6dy/x9J2:wpYoX58z1uirL98xMWnT0OQ9J2
Score

10^/10

tinba banker discovery persistence trojan upx
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojanupx

behavioral2

tinbabankerdiscoverypersistencetrojanupx