tinba | 2da5be2a7cc6cd8cf795aecdeaa3bf9a38e8ccb8d88163670558ab33cc18c471 | Triage

Sharing

General

Target

2da5be2a7cc6cd8cf795aecdeaa3bf9a38e8ccb8d88163670558ab33cc18c471
Size

610KB
Sample

241127-z2y56awrgr
MD5

7f36399c44d00c1d3a80df0f20d8c025
SHA1

471d8e5511f58a37f8f4f4936cc2ceb9773abea4
SHA256

2da5be2a7cc6cd8cf795aecdeaa3bf9a38e8ccb8d88163670558ab33cc18c471
SHA512

3b28ee3b4806d42abe89673ce92599b4323b2f4e0828b1ea3f0931a6fc17a8395744cee6ba50fe38203f839c5d51dbac05b646872a129132511528fc931353c5
SSDEEP

12288:RATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+c:zT+KjUdQqboyyWoK1NGqzuhb

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  2da5be2a7cc6cd8cf795aecdeaa3bf9a38e8ccb8d88163670558ab33cc18c471
- Size
  
  610KB
- MD5
  
  7f36399c44d00c1d3a80df0f20d8c025
- SHA1
  
  471d8e5511f58a37f8f4f4936cc2ceb9773abea4
- SHA256
  
  2da5be2a7cc6cd8cf795aecdeaa3bf9a38e8ccb8d88163670558ab33cc18c471
- SHA512
  
  3b28ee3b4806d42abe89673ce92599b4323b2f4e0828b1ea3f0931a6fc17a8395744cee6ba50fe38203f839c5d51dbac05b646872a129132511528fc931353c5
- SSDEEP
  
  12288:RATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+c:zT+KjUdQqboyyWoK1NGqzuhb
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2