tinba | 4255ab23a38b4b45c3e96b5394f53e133526f06cefaf86ea6bbbe9366c1ba840 | Triage

Sharing

General

Target

4255ab23a38b4b45c3e96b5394f53e133526f06cefaf86ea6bbbe9366c1ba840N.exe
Size

610KB
Sample

241216-emccmatjcw
MD5

aad1fa8d992077456ca89abe5d382010
SHA1

147947550010a5a27ad98746c9543859df6268b4
SHA256

4255ab23a38b4b45c3e96b5394f53e133526f06cefaf86ea6bbbe9366c1ba840
SHA512

a3a21fbde565b5ea70603d480005a8feb9dcf46b1de0387149a3f047702094ddafdd175f4ecc379c1f9fbae8cdd5d1c3bf16150e94dd3e3d688752e2e6ffdc2e
SSDEEP

12288:sATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+E:CT+KjUdQqboyyWoK1NGqzuhx

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  4255ab23a38b4b45c3e96b5394f53e133526f06cefaf86ea6bbbe9366c1ba840N.exe
- Size
  
  610KB
- MD5
  
  aad1fa8d992077456ca89abe5d382010
- SHA1
  
  147947550010a5a27ad98746c9543859df6268b4
- SHA256
  
  4255ab23a38b4b45c3e96b5394f53e133526f06cefaf86ea6bbbe9366c1ba840
- SHA512
  
  a3a21fbde565b5ea70603d480005a8feb9dcf46b1de0387149a3f047702094ddafdd175f4ecc379c1f9fbae8cdd5d1c3bf16150e94dd3e3d688752e2e6ffdc2e
- SSDEEP
  
  12288:sATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+E:CT+KjUdQqboyyWoK1NGqzuhx
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2