tinba | a87231d678ab6489f9aab44a568fe454c8ec0eaafb94b5e1d5a8f82b167a01cc | Triage

Sharing

General

Target

a87231d678ab6489f9aab44a568fe454c8ec0eaafb94b5e1d5a8f82b167a01ccN
Size

152KB
Sample

241027-rgnjxsygrn
MD5

31f3867cfc5cc34e70281f1f630edbb0
SHA1

3c4ff21af64d5156f75499f4308a463405ccb08a
SHA256

a87231d678ab6489f9aab44a568fe454c8ec0eaafb94b5e1d5a8f82b167a01cc
SHA512

f1e746cc87b254fe7f9b16ee19f309baddefb59fed4d01063fb5e273e33deaa9175983d8b954bf22d5f4620631d228f50c7ed617ca9a62d8b1789369e347e836
SSDEEP

1536:a6myQm5x9jSp42U/35fK6q+vMoGMaK9aWLwbOB0QQiz:fn3Wy2w5fK6tvFt9aW+Ozfz

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  a87231d678ab6489f9aab44a568fe454c8ec0eaafb94b5e1d5a8f82b167a01ccN
- Size
  
  152KB
- MD5
  
  31f3867cfc5cc34e70281f1f630edbb0
- SHA1
  
  3c4ff21af64d5156f75499f4308a463405ccb08a
- SHA256
  
  a87231d678ab6489f9aab44a568fe454c8ec0eaafb94b5e1d5a8f82b167a01cc
- SHA512
  
  f1e746cc87b254fe7f9b16ee19f309baddefb59fed4d01063fb5e273e33deaa9175983d8b954bf22d5f4620631d228f50c7ed617ca9a62d8b1789369e347e836
- SSDEEP
  
  1536:a6myQm5x9jSp42U/35fK6q+vMoGMaK9aWLwbOB0QQiz:fn3Wy2w5fK6tvFt9aW+Ozfz
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2