tinba | a1358bbe4e82bd17ddb26c066b4cb1a4fcd33ec54ccc7471e03c547c78273368 | Triage

Sharing

General

Target

a1358bbe4e82bd17ddb26c066b4cb1a4fcd33ec54ccc7471e03c547c78273368
Size

164KB
Sample

241109-cbcsxavcpe
MD5

aaa769c0ba3ae00242f5a9073d2fd77b
SHA1

715d5fea66607ebe2f806aaa5f920b83c8834f49
SHA256

a1358bbe4e82bd17ddb26c066b4cb1a4fcd33ec54ccc7471e03c547c78273368
SHA512

60e98fc9c488e1918914fbb3a49fd5d8cd0af55b6df92ec9af5516f173d3962bf894e7c7045450215908b17294d93f0b038fe59602e3f859db22e8c7d7ba0eea
SSDEEP

3072:GBLOSC0BiaynVRNNFwaSNDe1Fclgr+0StmnJza3yD/CLO:BSC0Bf8wve1FbRWmYi4O

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  a1358bbe4e82bd17ddb26c066b4cb1a4fcd33ec54ccc7471e03c547c78273368
- Size
  
  164KB
- MD5
  
  aaa769c0ba3ae00242f5a9073d2fd77b
- SHA1
  
  715d5fea66607ebe2f806aaa5f920b83c8834f49
- SHA256
  
  a1358bbe4e82bd17ddb26c066b4cb1a4fcd33ec54ccc7471e03c547c78273368
- SHA512
  
  60e98fc9c488e1918914fbb3a49fd5d8cd0af55b6df92ec9af5516f173d3962bf894e7c7045450215908b17294d93f0b038fe59602e3f859db22e8c7d7ba0eea
- SSDEEP
  
  3072:GBLOSC0BiaynVRNNFwaSNDe1Fclgr+0StmnJza3yD/CLO:BSC0Bf8wve1FbRWmYi4O
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2