tinba | 775e983c57881a9f67a85bda1b56961c7500eff270b72ececce7f5394bf3ea34 | Triage

Sharing

General

Target

775e983c57881a9f67a85bda1b56961c7500eff270b72ececce7f5394bf3ea34N.exe
Size

610KB
Sample

241203-2wfsqsymaw
MD5

ddcdf6fa8228deb28569d332f4e9d2f0
SHA1

d1c0b7a04a87660803fe0f94faf746f76803f03f
SHA256

775e983c57881a9f67a85bda1b56961c7500eff270b72ececce7f5394bf3ea34
SHA512

8d46c969a06be9a3dcc1ea4c4db3bddc5952283430e57a7f83a6f9e485ed12434c4bae973ea1cf51aaf9d792fcb24b6cbdb936e19974ab181a91adf4b6b8b4c0
SSDEEP

12288:NATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+E:3T+KjUdQqboyyWoK1NGqzuhx

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  775e983c57881a9f67a85bda1b56961c7500eff270b72ececce7f5394bf3ea34N.exe
- Size
  
  610KB
- MD5
  
  ddcdf6fa8228deb28569d332f4e9d2f0
- SHA1
  
  d1c0b7a04a87660803fe0f94faf746f76803f03f
- SHA256
  
  775e983c57881a9f67a85bda1b56961c7500eff270b72ececce7f5394bf3ea34
- SHA512
  
  8d46c969a06be9a3dcc1ea4c4db3bddc5952283430e57a7f83a6f9e485ed12434c4bae973ea1cf51aaf9d792fcb24b6cbdb936e19974ab181a91adf4b6b8b4c0
- SSDEEP
  
  12288:NATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+E:3T+KjUdQqboyyWoK1NGqzuhx
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2