tinba | 75430b8cd13f3974be5950f0a84bcf23b31d4199c17e729e804d9dddffbc8b3a | Triage

Sharing

General

Target

ee89e82c51798054330bde81a91b90bd_JaffaCakes118
Size

58KB
Sample

240920-2anw8a1hkn
MD5

ee89e82c51798054330bde81a91b90bd
SHA1

b595851947765db51c023cb8459fc8b0f43c17d0
SHA256

75430b8cd13f3974be5950f0a84bcf23b31d4199c17e729e804d9dddffbc8b3a
SHA512

38767a67f1dcfac76e26686739471930ef539cd17f7f60852c5569ca754096583b3acc7d90c12458ffd988a6008ec2b41874ca38288165829bb3f7319ea24ae0
SSDEEP

1536:OiDr//u2Vc4gUydEdwhjgBXyu4imaZiliDr//kk0PuT1mT+Qt:OivuEwliv4Puyt

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  ee89e82c51798054330bde81a91b90bd_JaffaCakes118
- Size
  
  58KB
- MD5
  
  ee89e82c51798054330bde81a91b90bd
- SHA1
  
  b595851947765db51c023cb8459fc8b0f43c17d0
- SHA256
  
  75430b8cd13f3974be5950f0a84bcf23b31d4199c17e729e804d9dddffbc8b3a
- SHA512
  
  38767a67f1dcfac76e26686739471930ef539cd17f7f60852c5569ca754096583b3acc7d90c12458ffd988a6008ec2b41874ca38288165829bb3f7319ea24ae0
- SSDEEP
  
  1536:OiDr//u2Vc4gUydEdwhjgBXyu4imaZiliDr//kk0PuT1mT+Qt:OivuEwliv4Puyt
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2