tinba | f40ae6c96d18c909ba06d83e6bb41798b7ccb3a2e06871a6e77d6a00bb869873 | Triage

Sharing

General

Target

9b966076ff0ac4e2816aa750296b4dd4_JaffaCakes118
Size

592KB
Sample

241125-p3atvatnfl
MD5

9b966076ff0ac4e2816aa750296b4dd4
SHA1

f099a89102ed6ac966d1a31a353d869ebbde61c2
SHA256

f40ae6c96d18c909ba06d83e6bb41798b7ccb3a2e06871a6e77d6a00bb869873
SHA512

4ee0c86d46bdc50162f0b45ae4602789ed2bed1dfcb9b6b4da0233baebda7dd73cb8489be477219321a2fedab1f7c38b079e41b0f1b5705daa8cb8bf61be3cd2
SSDEEP

6144:CCE6/mUXJ531nIUliViSZbLhaZfvMlLXICg2vj7OyzWxzRazUE1K52u8iqUNr6:i6TOUMBQf0ljW2vj7OyzoRaA+e

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  9b966076ff0ac4e2816aa750296b4dd4_JaffaCakes118
- Size
  
  592KB
- MD5
  
  9b966076ff0ac4e2816aa750296b4dd4
- SHA1
  
  f099a89102ed6ac966d1a31a353d869ebbde61c2
- SHA256
  
  f40ae6c96d18c909ba06d83e6bb41798b7ccb3a2e06871a6e77d6a00bb869873
- SHA512
  
  4ee0c86d46bdc50162f0b45ae4602789ed2bed1dfcb9b6b4da0233baebda7dd73cb8489be477219321a2fedab1f7c38b079e41b0f1b5705daa8cb8bf61be3cd2
- SSDEEP
  
  6144:CCE6/mUXJ531nIUliViSZbLhaZfvMlLXICg2vj7OyzWxzRazUE1K52u8iqUNr6:i6TOUMBQf0ljW2vj7OyzoRaA+e
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2