tinba | 38a0f8bb33531a039f988414296376e2168cb29117d4819769b83548426517e4 | Triage

Sharing

General

Target

a095ebd8c3fa0da0f3d91339b05a2090_JaffaCakes118
Size

120KB
Sample

241126-h9p4saxnbk
MD5

a095ebd8c3fa0da0f3d91339b05a2090
SHA1

9df4f404f194ecb98f893b43e835c0024373358d
SHA256

38a0f8bb33531a039f988414296376e2168cb29117d4819769b83548426517e4
SHA512

86f5f89f2d17bf7b599584ca3fe0c0cc9ada09acd2dd04aefdbd241bfae55e773809b2829573e7e999209cfcaef2eba75e2551c93f0a895039e8127f13de8d07
SSDEEP

1536:zlwmNMSaNSl9GwySUulhjiJcnILQlt+1gH0Ut43+lYGZFFzwWTaa2:zlrNhawBUopiJcIsti3+8

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  a095ebd8c3fa0da0f3d91339b05a2090_JaffaCakes118
- Size
  
  120KB
- MD5
  
  a095ebd8c3fa0da0f3d91339b05a2090
- SHA1
  
  9df4f404f194ecb98f893b43e835c0024373358d
- SHA256
  
  38a0f8bb33531a039f988414296376e2168cb29117d4819769b83548426517e4
- SHA512
  
  86f5f89f2d17bf7b599584ca3fe0c0cc9ada09acd2dd04aefdbd241bfae55e773809b2829573e7e999209cfcaef2eba75e2551c93f0a895039e8127f13de8d07
- SSDEEP
  
  1536:zlwmNMSaNSl9GwySUulhjiJcnILQlt+1gH0Ut43+lYGZFFzwWTaa2:zlrNhawBUopiJcIsti3+8
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2