tinba | c15a543afb203ae2e42a287330d52f9aca6510dbdeeeaa9cb62489994e76d3b5 | Triage

Sharing

General

Target

32d2c357396792ff1c89151f4fb0bb44_JaffaCakes118
Size

160KB
Sample

241011-chxfwszcpa
MD5

32d2c357396792ff1c89151f4fb0bb44
SHA1

8420babb34465867d43dad601d8fb0921f184be5
SHA256

c15a543afb203ae2e42a287330d52f9aca6510dbdeeeaa9cb62489994e76d3b5
SHA512

8f01b02a57a59ccc740f59cb697f93ecacdba8200f86c6131e445b56fed19a78e9a02554e3ea4e0feda12ec73c09c8223bb641246e9dc043f5294131e0f7d499
SSDEEP

1536:VEY+mFM2HXKZgi0Iksu+XM5/HtAQ9J6xph:+Y+4MiIkLZJNAQ9J6v

Score

10^/10

tinba banker discovery persistence trojan upx

Malware Config

Targets

- Target
  
  32d2c357396792ff1c89151f4fb0bb44_JaffaCakes118
- Size
  
  160KB
- MD5
  
  32d2c357396792ff1c89151f4fb0bb44
- SHA1
  
  8420babb34465867d43dad601d8fb0921f184be5
- SHA256
  
  c15a543afb203ae2e42a287330d52f9aca6510dbdeeeaa9cb62489994e76d3b5
- SHA512
  
  8f01b02a57a59ccc740f59cb697f93ecacdba8200f86c6131e445b56fed19a78e9a02554e3ea4e0feda12ec73c09c8223bb641246e9dc043f5294131e0f7d499
- SSDEEP
  
  1536:VEY+mFM2HXKZgi0Iksu+XM5/HtAQ9J6xph:+Y+4MiIkLZJNAQ9J6v
Score

10^/10

tinba banker discovery persistence trojan upx
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojanupx

behavioral2

tinbabankerdiscoverypersistencetrojanupx