tinba | 0a54b09ed5f3d892ea99b47e6340e8ccf6944d063d4753be0b860855be40a9a8 | Triage

Sharing

General

Target

d43d03756f303e7984e8461dcc12cca4_JaffaCakes118
Size

49KB
Sample

241207-3wjeas1kev
MD5

d43d03756f303e7984e8461dcc12cca4
SHA1

e6b210192bb394c1b60d944a9f9165ce3d5cb10e
SHA256

0a54b09ed5f3d892ea99b47e6340e8ccf6944d063d4753be0b860855be40a9a8
SHA512

50486f3df9d3163be9baf3d3c43387b31ead4722341e5aca4ae45b732f6f898cc947994fc15ecfdba78e18856d2a34d47c0dbf89084b94e6d19afbb3ec6e1e0d
SSDEEP

768:PCCCFlkbwAYbFshpyiB9L9Mx2BWseUCHGAwk5R9Jw:rbw/6plBTFBYNNR9Jw

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  d43d03756f303e7984e8461dcc12cca4_JaffaCakes118
- Size
  
  49KB
- MD5
  
  d43d03756f303e7984e8461dcc12cca4
- SHA1
  
  e6b210192bb394c1b60d944a9f9165ce3d5cb10e
- SHA256
  
  0a54b09ed5f3d892ea99b47e6340e8ccf6944d063d4753be0b860855be40a9a8
- SHA512
  
  50486f3df9d3163be9baf3d3c43387b31ead4722341e5aca4ae45b732f6f898cc947994fc15ecfdba78e18856d2a34d47c0dbf89084b94e6d19afbb3ec6e1e0d
- SSDEEP
  
  768:PCCCFlkbwAYbFshpyiB9L9Mx2BWseUCHGAwk5R9Jw:rbw/6plBTFBYNNR9Jw
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2

tinbabankerdiscoverypersistencetrojan