tinba | 48defed1049429cf6c93c7d81fc80867ca8e03ec7f0efedf0360ff122064909a | Triage

Sharing

General

Target

48defed1049429cf6c93c7d81fc80867ca8e03ec7f0efedf0360ff122064909aN
Size

106KB
Sample

241105-yblxgaxhjk
MD5

bbaecd6206813b81936c325bafb10c80
SHA1

3664e0065107723c2a21f0c27b49b3dd41b301d7
SHA256

48defed1049429cf6c93c7d81fc80867ca8e03ec7f0efedf0360ff122064909a
SHA512

38161085c49c4323fcaeefd3defb393bead9ead05baa2a3ad8a4ec586176ad67c30c57ec319df92fea7584b3a5780073ace23e30c87afc2f3ba89536fdb727d4
SSDEEP

768:b+6p+OMlgGXCWhfDzU7f0JDgi9I57+sByZ+XsfXpwtG9ipelU9JA:b+mFM2QXtZgi9Iksu+XM57ipeq9JA

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  48defed1049429cf6c93c7d81fc80867ca8e03ec7f0efedf0360ff122064909aN
- Size
  
  106KB
- MD5
  
  bbaecd6206813b81936c325bafb10c80
- SHA1
  
  3664e0065107723c2a21f0c27b49b3dd41b301d7
- SHA256
  
  48defed1049429cf6c93c7d81fc80867ca8e03ec7f0efedf0360ff122064909a
- SHA512
  
  38161085c49c4323fcaeefd3defb393bead9ead05baa2a3ad8a4ec586176ad67c30c57ec319df92fea7584b3a5780073ace23e30c87afc2f3ba89536fdb727d4
- SSDEEP
  
  768:b+6p+OMlgGXCWhfDzU7f0JDgi9I57+sByZ+XsfXpwtG9ipelU9JA:b+mFM2QXtZgi9Iksu+XM57ipeq9JA
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2

tinbabankerdiscoverypersistencetrojan