tinba | 217948f502f29fdf931d8c0a8b8abbb0458a57758f8b1e913120e591a9229c9f | Triage

Sharing

General

Target

217948f502f29fdf931d8c0a8b8abbb0458a57758f8b1e913120e591a9229c9f.exe
Size

610KB
Sample

241202-frbgka1khw
MD5

7e7c626c0cd3310357d417b6dcfb37dc
SHA1

9bfab2c6a4e78528020d0a2ded44291bf824d8ff
SHA256

217948f502f29fdf931d8c0a8b8abbb0458a57758f8b1e913120e591a9229c9f
SHA512

6de2fa4f621a164e4c8d986422fc533442bf1b632a38927a6a0363676ac6bfda959f94e0ded2e1bacf18f283a448c7fdec67d65286ef224a0c93b8c6c23a3633
SSDEEP

12288:iATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+E:cT+KjUdQqboyyWoK1NGqzuh5

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  217948f502f29fdf931d8c0a8b8abbb0458a57758f8b1e913120e591a9229c9f.exe
- Size
  
  610KB
- MD5
  
  7e7c626c0cd3310357d417b6dcfb37dc
- SHA1
  
  9bfab2c6a4e78528020d0a2ded44291bf824d8ff
- SHA256
  
  217948f502f29fdf931d8c0a8b8abbb0458a57758f8b1e913120e591a9229c9f
- SHA512
  
  6de2fa4f621a164e4c8d986422fc533442bf1b632a38927a6a0363676ac6bfda959f94e0ded2e1bacf18f283a448c7fdec67d65286ef224a0c93b8c6c23a3633
- SSDEEP
  
  12288:iATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+E:cT+KjUdQqboyyWoK1NGqzuh5
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2