tinba | c557059ce1d2553d50d611893ca162f2a1808c232c4c118e8b1b1b2d37a9a8a5 | Triage

Sharing

General

Target

099390d3d8f80c3a98e92d3c783048d9_JaffaCakes118
Size

160KB
Sample

241002-jfqnwsvaqj
MD5

099390d3d8f80c3a98e92d3c783048d9
SHA1

119e2bc9144422abb28f7d80b56f32d3e81eeac1
SHA256

c557059ce1d2553d50d611893ca162f2a1808c232c4c118e8b1b1b2d37a9a8a5
SHA512

ec4f2c7836a72c68dc462c8eca38b8a79414e922013bc75a406a4c67d2b3c4dc1de2f0fd51e2145e4b0397d86e5f5924487d0d95d24e224a02966f99451b59c5
SSDEEP

1536:6EY+mFM2HXKZgi0Iksu+XM5/HtAQ9J6xph:xY+4MiIkLZJNAQ9J6v

Score

10^/10

tinba banker discovery persistence trojan upx

Malware Config

Targets

- Target
  
  099390d3d8f80c3a98e92d3c783048d9_JaffaCakes118
- Size
  
  160KB
- MD5
  
  099390d3d8f80c3a98e92d3c783048d9
- SHA1
  
  119e2bc9144422abb28f7d80b56f32d3e81eeac1
- SHA256
  
  c557059ce1d2553d50d611893ca162f2a1808c232c4c118e8b1b1b2d37a9a8a5
- SHA512
  
  ec4f2c7836a72c68dc462c8eca38b8a79414e922013bc75a406a4c67d2b3c4dc1de2f0fd51e2145e4b0397d86e5f5924487d0d95d24e224a02966f99451b59c5
- SSDEEP
  
  1536:6EY+mFM2HXKZgi0Iksu+XM5/HtAQ9J6xph:xY+4MiIkLZJNAQ9J6v
Score

10^/10

tinba banker discovery persistence trojan upx
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojanupx

behavioral2

tinbabankerdiscoverypersistencetrojanupx