tinba | d2182e2e022edb5fd9319c82f7d322f78070ff22dc48e18350b6d18b35d4269a | Triage

Sharing

General

Target

d2182e2e022edb5fd9319c82f7d322f78070ff22dc48e18350b6d18b35d4269aN
Size

58KB
Sample

241103-g7v2ksxfkp
MD5

a05e790741f78a10789cc24c113a87a0
SHA1

effd9251f1786b3307c98bcf09f156684649d245
SHA256

d2182e2e022edb5fd9319c82f7d322f78070ff22dc48e18350b6d18b35d4269a
SHA512

dffe9e4907091112f63faafb58360caca6ce286e689fa2c5a994290ceec83f1385e331bb555ed7569eb5f17710d8b17c832c97de049a3599e028aa6e865129e3
SSDEEP

768:lM5WaKyBevI8OHKA+hmXid6Z9HUEMyerTAzwavKCFC/nGVykmBdwxkpNZsP:m5P2vIg7dNrTAzZv3FaGU5LRm

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  d2182e2e022edb5fd9319c82f7d322f78070ff22dc48e18350b6d18b35d4269aN
- Size
  
  58KB
- MD5
  
  a05e790741f78a10789cc24c113a87a0
- SHA1
  
  effd9251f1786b3307c98bcf09f156684649d245
- SHA256
  
  d2182e2e022edb5fd9319c82f7d322f78070ff22dc48e18350b6d18b35d4269a
- SHA512
  
  dffe9e4907091112f63faafb58360caca6ce286e689fa2c5a994290ceec83f1385e331bb555ed7569eb5f17710d8b17c832c97de049a3599e028aa6e865129e3
- SSDEEP
  
  768:lM5WaKyBevI8OHKA+hmXid6Z9HUEMyerTAzwavKCFC/nGVykmBdwxkpNZsP:m5P2vIg7dNrTAzZv3FaGU5LRm
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2