tinba | b0f3b5a71e20a73e570b2e18cb3ce44cc248b1f78e70e5594384a39947e4a2a1 | Triage

Sharing

General

Target

b0f3b5a71e20a73e570b2e18cb3ce44cc248b1f78e70e5594384a39947e4a2a1N.exe
Size

610KB
Sample

241205-ebryyatjeq
MD5

cb4ac87b1e7ea7bc98b8c44188ca0080
SHA1

f8300f61aea54455e8d73a5bbb1699031f84886a
SHA256

b0f3b5a71e20a73e570b2e18cb3ce44cc248b1f78e70e5594384a39947e4a2a1
SHA512

deeaa9cef23adf69b04f21ee0957700480d22cb9680407cbafc6d0e43d0400d052152850cad1a87a2a8d865d8e317d4a949f49a65f7e9de4d750b37b93709ab1
SSDEEP

12288:iATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+c:cT+KjUdQqboyyWoK1NGqzuhb

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  b0f3b5a71e20a73e570b2e18cb3ce44cc248b1f78e70e5594384a39947e4a2a1N.exe
- Size
  
  610KB
- MD5
  
  cb4ac87b1e7ea7bc98b8c44188ca0080
- SHA1
  
  f8300f61aea54455e8d73a5bbb1699031f84886a
- SHA256
  
  b0f3b5a71e20a73e570b2e18cb3ce44cc248b1f78e70e5594384a39947e4a2a1
- SHA512
  
  deeaa9cef23adf69b04f21ee0957700480d22cb9680407cbafc6d0e43d0400d052152850cad1a87a2a8d865d8e317d4a949f49a65f7e9de4d750b37b93709ab1
- SSDEEP
  
  12288:iATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+c:cT+KjUdQqboyyWoK1NGqzuhb
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2