tinba | 989fc2fa2a1a57672bbc9d8ed02463000769c9e69508e4c0f9c8bedbbe53d565 | Triage

Sharing

General

Target

9881d442ed201a323c7055ab8b1b0cc0_JaffaCakes118
Size

66KB
Sample

241125-cbb7daxnfp
MD5

9881d442ed201a323c7055ab8b1b0cc0
SHA1

17aa80f38cf28046230d590c9a9840503bb911ec
SHA256

989fc2fa2a1a57672bbc9d8ed02463000769c9e69508e4c0f9c8bedbbe53d565
SHA512

0fdc4276af603eff1188f98d81972b98f0c7a4a20fde9ee2f49e1dd657e244e2115f9974e706fc0f2b2adf8fcf2fbcb30c179e8e04fb5427844ca89390cbfe4f
SSDEEP

1536:ZijoqOkSvphHP1HDYObBAG88zff0B/xDy9QqqVspi3IHBR20A9h6:ZA7iphHF3lacn0BJoQVmpiqGb6

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  2015-07-27 10.34.06 voice.wav.exe
- Size
  
  100KB
- MD5
  
  8af1ac4476bd48388fd690c6bdf82eb8
- SHA1
  
  9541efff429a869992c046a81d4a04842835e1ce
- SHA256
  
  d445d97c79e6578a194e85619ab0183d930ac4041b73210582f04b4a6d6300ad
- SHA512
  
  dd735d40f46236d0d5805347f107c3f276b60154735537faf9f82f20a9f2d2d6d28db08e0894ed3a810c484d9d18fedaa55da050de5af9c577deb63d3d020e1e
- SSDEEP
  
  1536:YryIOzqdHP1HDYObBAG88zff0B/xDy9Qq/dU1+K975AnpUH/rT6Ic:QzdHF3lacn0BJoQGUQKDgp0/36z
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2

tinbabankerdiscoverypersistencetrojan