tinba | b793758547c3b10de50b7083faea4986af5bceda03d05a0788cc58024e22694b | Triage

Sharing

General

Target

27ee51008c367487617a406a1dde067b_JaffaCakes118
Size

160KB
Sample

241009-a32v1aygld
MD5

27ee51008c367487617a406a1dde067b
SHA1

ddcafd656d35b545190f1eb744e70e03988c4de0
SHA256

b793758547c3b10de50b7083faea4986af5bceda03d05a0788cc58024e22694b
SHA512

f2cd90abc5f3e4b9b36d73f368ef2a1b11c78d4addd7c021b3c5c9bff0682808180030d8c8498ab81df40c6a67bac36fcaf014de358ca23bee1f71cf1da2116a
SSDEEP

1536:YEY+mFM2HXKZgi0Iksu+XM5/HtAQ9J6xph:bY+4MiIkLZJNAQ9J6v

Score

10^/10

tinba banker discovery persistence trojan upx

Malware Config

Targets

- Target
  
  27ee51008c367487617a406a1dde067b_JaffaCakes118
- Size
  
  160KB
- MD5
  
  27ee51008c367487617a406a1dde067b
- SHA1
  
  ddcafd656d35b545190f1eb744e70e03988c4de0
- SHA256
  
  b793758547c3b10de50b7083faea4986af5bceda03d05a0788cc58024e22694b
- SHA512
  
  f2cd90abc5f3e4b9b36d73f368ef2a1b11c78d4addd7c021b3c5c9bff0682808180030d8c8498ab81df40c6a67bac36fcaf014de358ca23bee1f71cf1da2116a
- SSDEEP
  
  1536:YEY+mFM2HXKZgi0Iksu+XM5/HtAQ9J6xph:bY+4MiIkLZJNAQ9J6v
Score

10^/10

tinba banker discovery persistence trojan upx
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojanupx

behavioral2

tinbabankerdiscoverypersistencetrojanupx