tinba | ed18f9960ad91d9939034c2416c4c91a54f2dc1070eb511e810f2230296bbcf8 | Triage

Sharing

General

Target

ed18f9960ad91d9939034c2416c4c91a54f2dc1070eb511e810f2230296bbcf8N.exe
Size

237KB
Sample

241210-zbyfyaspcr
MD5

8e81d292b76568bdf04c7460c5f50c10
SHA1

59f3e6867bd7f3560998f2243f5102f55304b7b6
SHA256

ed18f9960ad91d9939034c2416c4c91a54f2dc1070eb511e810f2230296bbcf8
SHA512

7e0b8410aedccd362b2f9b23bfd33320271c6cca932f9f85ccfe7a688423b0134a6b48dfadac8f8859fe2fc34bacb0c83966e6fe6f93da9fe5c33954b83588ca
SSDEEP

6144:zA2P27yTAnKGw0hjFhSR/W1nyAJ9v0pMtRCpYQ:zATuTAnKGwUAWVycQqgj

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  ed18f9960ad91d9939034c2416c4c91a54f2dc1070eb511e810f2230296bbcf8N.exe
- Size
  
  237KB
- MD5
  
  8e81d292b76568bdf04c7460c5f50c10
- SHA1
  
  59f3e6867bd7f3560998f2243f5102f55304b7b6
- SHA256
  
  ed18f9960ad91d9939034c2416c4c91a54f2dc1070eb511e810f2230296bbcf8
- SHA512
  
  7e0b8410aedccd362b2f9b23bfd33320271c6cca932f9f85ccfe7a688423b0134a6b48dfadac8f8859fe2fc34bacb0c83966e6fe6f93da9fe5c33954b83588ca
- SSDEEP
  
  6144:zA2P27yTAnKGw0hjFhSR/W1nyAJ9v0pMtRCpYQ:zATuTAnKGwUAWVycQqgj
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2