tinba | 013ffdcc3da783da62f2271cc149764b6b53486995bd55345413d63e509fc4f9 | Triage

Sharing

General

Target

013ffdcc3da783da62f2271cc149764b6b53486995bd55345413d63e509fc4f9.exe
Size

88KB
Sample

241206-medvgsylep
MD5

28e3b869cb32800841d115bc98bbc251
SHA1

9bce57f5ff0433654830ae7f1b6b6c13068ff970
SHA256

013ffdcc3da783da62f2271cc149764b6b53486995bd55345413d63e509fc4f9
SHA512

65fd80333d52401e45f3278ffb6e7a855f058258c3c1d36e660dee8e89ed2cf4981710a34b2f471a9cffdcd077166d78cd3c99f9d954172a68bb6b711e466658
SSDEEP

1536:F5nfmIpxDWbUfd3aOPmxxEhvgCooXqRQqjh+rmKVsNI:F5fvp12UFKcD/6jwqWsNI

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  013ffdcc3da783da62f2271cc149764b6b53486995bd55345413d63e509fc4f9.exe
- Size
  
  88KB
- MD5
  
  28e3b869cb32800841d115bc98bbc251
- SHA1
  
  9bce57f5ff0433654830ae7f1b6b6c13068ff970
- SHA256
  
  013ffdcc3da783da62f2271cc149764b6b53486995bd55345413d63e509fc4f9
- SHA512
  
  65fd80333d52401e45f3278ffb6e7a855f058258c3c1d36e660dee8e89ed2cf4981710a34b2f471a9cffdcd077166d78cd3c99f9d954172a68bb6b711e466658
- SSDEEP
  
  1536:F5nfmIpxDWbUfd3aOPmxxEhvgCooXqRQqjh+rmKVsNI:F5fvp12UFKcD/6jwqWsNI
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2

tinbabankerdiscoverypersistencetrojan