tinba | 3ee6f31ed94b3ed3f02e62778bc3472f63034ddc8e6a4a0082726e21e30ac2c5 | Triage

Sharing

General

Target

a9fbf61ff4a088d1dadcd4f6fddb36f5_JaffaCakes118
Size

370KB
Sample

241127-2tq6pazqbm
MD5

a9fbf61ff4a088d1dadcd4f6fddb36f5
SHA1

c41b0b4338cb740fe3239140bc28843e3dfa104c
SHA256

3ee6f31ed94b3ed3f02e62778bc3472f63034ddc8e6a4a0082726e21e30ac2c5
SHA512

a2a8c66bd4ef23277e83a14cd3cdadf87a2e94d33054fbafdb3dfa8cdfe7417ae2d93775e556899f93a314d45eed6b8109e64adc8b054f0f1d6ef0cdf4e97584
SSDEEP

6144:cCE6/mUXJ531nIUliViSZbLhaZfvMlLXICgc:c6TOUMBQf0ljWc

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  a9fbf61ff4a088d1dadcd4f6fddb36f5_JaffaCakes118
- Size
  
  370KB
- MD5
  
  a9fbf61ff4a088d1dadcd4f6fddb36f5
- SHA1
  
  c41b0b4338cb740fe3239140bc28843e3dfa104c
- SHA256
  
  3ee6f31ed94b3ed3f02e62778bc3472f63034ddc8e6a4a0082726e21e30ac2c5
- SHA512
  
  a2a8c66bd4ef23277e83a14cd3cdadf87a2e94d33054fbafdb3dfa8cdfe7417ae2d93775e556899f93a314d45eed6b8109e64adc8b054f0f1d6ef0cdf4e97584
- SSDEEP
  
  6144:cCE6/mUXJ531nIUliViSZbLhaZfvMlLXICgc:c6TOUMBQf0ljWc
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2