tinba | 2804ff6ebfd5673ff61bc1eee576108a6b2a7cf73bdb9e5f435ff1f176682a93 | Triage

Sharing

General

Target

2804ff6ebfd5673ff61bc1eee576108a6b2a7cf73bdb9e5f435ff1f176682a93.exe
Size

225KB
Sample

241201-1h4f7ssqfv
MD5

dda5a2ba3a15eb10c87ca880cc693ada
SHA1

07d8ead08612312823015b64627f99ab493b68fd
SHA256

2804ff6ebfd5673ff61bc1eee576108a6b2a7cf73bdb9e5f435ff1f176682a93
SHA512

8494e405cfe0906a4c1a18590cc4d5d8c0177c7a3880851097fcbd37e8719921b06f7dacf3728939d8af9433c5512d2a1be6b544e24574a65f35fc5dc2100a5c
SSDEEP

6144:XA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:XATuTAnKGwUAW3ycQqgf

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  2804ff6ebfd5673ff61bc1eee576108a6b2a7cf73bdb9e5f435ff1f176682a93.exe
- Size
  
  225KB
- MD5
  
  dda5a2ba3a15eb10c87ca880cc693ada
- SHA1
  
  07d8ead08612312823015b64627f99ab493b68fd
- SHA256
  
  2804ff6ebfd5673ff61bc1eee576108a6b2a7cf73bdb9e5f435ff1f176682a93
- SHA512
  
  8494e405cfe0906a4c1a18590cc4d5d8c0177c7a3880851097fcbd37e8719921b06f7dacf3728939d8af9433c5512d2a1be6b544e24574a65f35fc5dc2100a5c
- SSDEEP
  
  6144:XA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:XATuTAnKGwUAW3ycQqgf
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2