tinba | 0f6d1c45825108a477f9aac5a1c77204ca5d547e6131e409761f16b224142fd7 | Triage

Sharing

General

Target

f524d707ab8cda9f0e1e3f8625245018_JaffaCakes118
Size

370KB
Sample

240925-epp2haxeja
MD5

f524d707ab8cda9f0e1e3f8625245018
SHA1

dcdc1cca702c92495a111a2eb11959178bfd5ac4
SHA256

0f6d1c45825108a477f9aac5a1c77204ca5d547e6131e409761f16b224142fd7
SHA512

eb22c0c0711b2390e790db66305f22a73ec98097f3c5f9fa9783bae6472a2c689eb2c4c38de4ee519171f4b4e624025b3839689674ee3705fbe09a6b6e0405ad
SSDEEP

6144:SCE6/mUXJ531nIUliViSZbLhaZfvMlLXICgc:y6TOUMBQf0ljWc

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  f524d707ab8cda9f0e1e3f8625245018_JaffaCakes118
- Size
  
  370KB
- MD5
  
  f524d707ab8cda9f0e1e3f8625245018
- SHA1
  
  dcdc1cca702c92495a111a2eb11959178bfd5ac4
- SHA256
  
  0f6d1c45825108a477f9aac5a1c77204ca5d547e6131e409761f16b224142fd7
- SHA512
  
  eb22c0c0711b2390e790db66305f22a73ec98097f3c5f9fa9783bae6472a2c689eb2c4c38de4ee519171f4b4e624025b3839689674ee3705fbe09a6b6e0405ad
- SSDEEP
  
  6144:SCE6/mUXJ531nIUliViSZbLhaZfvMlLXICgc:y6TOUMBQf0ljWc
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2