tinba | e5765a32f7dd21f9652abfd2434ba0f1ab66db6a1630b5667618dd8f6bea4c52 | Triage

Sharing

General

Target

dc37d18cb38d0fa17fd174be1ac31497_JaffaCakes118
Size

49KB
Sample

241210-ayk2paskgq
MD5

dc37d18cb38d0fa17fd174be1ac31497
SHA1

77f58115fb8c4ad25a4b450a277d8c8d1501c718
SHA256

e5765a32f7dd21f9652abfd2434ba0f1ab66db6a1630b5667618dd8f6bea4c52
SHA512

70ce8c0133f7328dbbe4961893bd44dd93cab5674043f338b6e56784c001a85bc9b7b2b0c0a16a72edda525127779603d7d5559d23511984370fa64cb7363897
SSDEEP

768:MCCCFlkbwAYbFshpyiB9L9Mx2BWseUCHGAwk5R9Jw:Qbw/6plBTFBYNNR9Jw

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  dc37d18cb38d0fa17fd174be1ac31497_JaffaCakes118
- Size
  
  49KB
- MD5
  
  dc37d18cb38d0fa17fd174be1ac31497
- SHA1
  
  77f58115fb8c4ad25a4b450a277d8c8d1501c718
- SHA256
  
  e5765a32f7dd21f9652abfd2434ba0f1ab66db6a1630b5667618dd8f6bea4c52
- SHA512
  
  70ce8c0133f7328dbbe4961893bd44dd93cab5674043f338b6e56784c001a85bc9b7b2b0c0a16a72edda525127779603d7d5559d23511984370fa64cb7363897
- SSDEEP
  
  768:MCCCFlkbwAYbFshpyiB9L9Mx2BWseUCHGAwk5R9Jw:Qbw/6plBTFBYNNR9Jw
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2

tinbabankerdiscoverypersistencetrojan