tinba | 6ce15bde029bcbc2538f39ecbca4de4a1d3b6487b24808c7dab268b23ccfa973 | Triage

Sharing

General

Target

6ce15bde029bcbc2538f39ecbca4de4a1d3b6487b24808c7dab268b23ccfa973N
Size

237KB
Sample

241027-gt99casldn
MD5

0c85ecc8f988a43728ed95d004bb8cb0
SHA1

cd334a096c46d2685c7919e6da4d90f5d0d1498f
SHA256

6ce15bde029bcbc2538f39ecbca4de4a1d3b6487b24808c7dab268b23ccfa973
SHA512

ac6a77f5bb7a062f5335b42527dc94f35580f22f7b33b81abebabcbaff478422f2afbf15975fa42e71680dcabd46eb080cbdedfdc36a1c97cbbad126ae663b2d
SSDEEP

6144:sA2P27yTAnKGw0hjFhSR/W1nyAJ9v0pMtRCpYQ:sATuTAnKGwUAWVycQqgj

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  6ce15bde029bcbc2538f39ecbca4de4a1d3b6487b24808c7dab268b23ccfa973N
- Size
  
  237KB
- MD5
  
  0c85ecc8f988a43728ed95d004bb8cb0
- SHA1
  
  cd334a096c46d2685c7919e6da4d90f5d0d1498f
- SHA256
  
  6ce15bde029bcbc2538f39ecbca4de4a1d3b6487b24808c7dab268b23ccfa973
- SHA512
  
  ac6a77f5bb7a062f5335b42527dc94f35580f22f7b33b81abebabcbaff478422f2afbf15975fa42e71680dcabd46eb080cbdedfdc36a1c97cbbad126ae663b2d
- SSDEEP
  
  6144:sA2P27yTAnKGw0hjFhSR/W1nyAJ9v0pMtRCpYQ:sATuTAnKGwUAWVycQqgj
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2