tinba | 5156c46a75424fe58b6f120445dd703c3fa349bc64003ac727ee9f44ab0de552 | Triage

Sharing

General

Target

5156c46a75424fe58b6f120445dd703c3fa349bc64003ac727ee9f44ab0de552N
Size

164KB
Sample

241110-l46fcsvbnl
MD5

99253e52818cc1159a712dd95be38870
SHA1

e4bc9f7c20088b9d885ddbf906cfa76788356bb3
SHA256

5156c46a75424fe58b6f120445dd703c3fa349bc64003ac727ee9f44ab0de552
SHA512

b565d7f1b7555cb08ae9199386b4ec3b79365144022a726b84fe0c3c0d25872de54da179169aa25d4c0220db660d422bf540a2be1084f4dfd36922ac7549beab
SSDEEP

3072:kBLOSC0BiaynVRNNFwaSNDe1Fclgr+0StmnJza3yD/CLO:/SC0Bf8wve1FbRWmYi4O

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  5156c46a75424fe58b6f120445dd703c3fa349bc64003ac727ee9f44ab0de552N
- Size
  
  164KB
- MD5
  
  99253e52818cc1159a712dd95be38870
- SHA1
  
  e4bc9f7c20088b9d885ddbf906cfa76788356bb3
- SHA256
  
  5156c46a75424fe58b6f120445dd703c3fa349bc64003ac727ee9f44ab0de552
- SHA512
  
  b565d7f1b7555cb08ae9199386b4ec3b79365144022a726b84fe0c3c0d25872de54da179169aa25d4c0220db660d422bf540a2be1084f4dfd36922ac7549beab
- SSDEEP
  
  3072:kBLOSC0BiaynVRNNFwaSNDe1Fclgr+0StmnJza3yD/CLO:/SC0Bf8wve1FbRWmYi4O
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2