tinba | d4928af5775a468afced18ce3e14034d70caac31f02e6d123cfabdca22a4a198 | Triage

Sharing

General

Target

d4928af5775a468afced18ce3e14034d70caac31f02e6d123cfabdca22a4a198.exe
Size

610KB
Sample

241203-srfgqs1jet
MD5

8200d33a2ba4c88b12e39bcd3ba037d1
SHA1

aa91d5990bf7543b7ac0b4b21eab98096ae89540
SHA256

d4928af5775a468afced18ce3e14034d70caac31f02e6d123cfabdca22a4a198
SHA512

3d6ca5a3067f78cdd11a7f6c1e860ec38bb12f6a64c98ecca3ee963ce8844e7add3e931436fd569cbc357e52465f811557c1d34f6ddc15a2286c5461e5aa23ca
SSDEEP

12288:oATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+c:WT+KjUdQqboyyWoK1NGqzuhD

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  d4928af5775a468afced18ce3e14034d70caac31f02e6d123cfabdca22a4a198.exe
- Size
  
  610KB
- MD5
  
  8200d33a2ba4c88b12e39bcd3ba037d1
- SHA1
  
  aa91d5990bf7543b7ac0b4b21eab98096ae89540
- SHA256
  
  d4928af5775a468afced18ce3e14034d70caac31f02e6d123cfabdca22a4a198
- SHA512
  
  3d6ca5a3067f78cdd11a7f6c1e860ec38bb12f6a64c98ecca3ee963ce8844e7add3e931436fd569cbc357e52465f811557c1d34f6ddc15a2286c5461e5aa23ca
- SSDEEP
  
  12288:oATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+c:WT+KjUdQqboyyWoK1NGqzuhD
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2