tinba | ac488c6ae0483fa73b0691016206737e2eae61f52e6cac76f35768fa8f8e4ef4 | Triage

Sharing

General

Target

ac488c6ae0483fa73b0691016206737e2eae61f52e6cac76f35768fa8f8e4ef4
Size

225KB
Sample

241207-b245eayndv
MD5

cfbdd21bff8c5d7302fa1ed5cde686fa
SHA1

945feca33cee82c8a1b08d3fd39ed93427294398
SHA256

ac488c6ae0483fa73b0691016206737e2eae61f52e6cac76f35768fa8f8e4ef4
SHA512

002fd25d00ed3793676ee98237e6e3e54cfcdf9ef8d51805e7d8afd8fed3e23aa0fc63ea4943b33c2ccf020e9744afb93f6382a9093d7232b960e105ac224d22
SSDEEP

6144:JA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:JATuTAnKGwUAW3ycQqgf

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  ac488c6ae0483fa73b0691016206737e2eae61f52e6cac76f35768fa8f8e4ef4
- Size
  
  225KB
- MD5
  
  cfbdd21bff8c5d7302fa1ed5cde686fa
- SHA1
  
  945feca33cee82c8a1b08d3fd39ed93427294398
- SHA256
  
  ac488c6ae0483fa73b0691016206737e2eae61f52e6cac76f35768fa8f8e4ef4
- SHA512
  
  002fd25d00ed3793676ee98237e6e3e54cfcdf9ef8d51805e7d8afd8fed3e23aa0fc63ea4943b33c2ccf020e9744afb93f6382a9093d7232b960e105ac224d22
- SSDEEP
  
  6144:JA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:JATuTAnKGwUAW3ycQqgf
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2