tinba | 9ed1ca5abc21900ace25a5c9150e29fcba7be1dfc69005177ef96bab882c83cd | Triage

Sharing

General

Target

9ed1ca5abc21900ace25a5c9150e29fcba7be1dfc69005177ef96bab882c83cd
Size

152KB
Sample

240926-apnffswdkp
MD5

89f1346f40546ccaa06adca349b30be8
SHA1

e454612ef88a5f41890fa7a5d95c46b945537129
SHA256

9ed1ca5abc21900ace25a5c9150e29fcba7be1dfc69005177ef96bab882c83cd
SHA512

7df3421389f90746297507ae11845a56df0ccbaa918d1ae8c5257a1da55f71b802b88205eaf669e8a5f6a7d459d07ddfa6b1f68a467ef0fad4bc5f0e0cc6007e
SSDEEP

1536:c6myQm5x9jSp42U/35fK6q+vMoGMaK9aWLwbOB0QQiz:Nn3Wy2w5fK6tvFt9aW+Ozfz

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  9ed1ca5abc21900ace25a5c9150e29fcba7be1dfc69005177ef96bab882c83cd
- Size
  
  152KB
- MD5
  
  89f1346f40546ccaa06adca349b30be8
- SHA1
  
  e454612ef88a5f41890fa7a5d95c46b945537129
- SHA256
  
  9ed1ca5abc21900ace25a5c9150e29fcba7be1dfc69005177ef96bab882c83cd
- SHA512
  
  7df3421389f90746297507ae11845a56df0ccbaa918d1ae8c5257a1da55f71b802b88205eaf669e8a5f6a7d459d07ddfa6b1f68a467ef0fad4bc5f0e0cc6007e
- SSDEEP
  
  1536:c6myQm5x9jSp42U/35fK6q+vMoGMaK9aWLwbOB0QQiz:Nn3Wy2w5fK6tvFt9aW+Ozfz
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2