tinba | 3d1e7a28af9798f584c94134debd0999a7cbb9a6bdf5732ab0e8786ff0f75982 | Triage

Sharing

General

Target

3d1e7a28af9798f584c94134debd0999a7cbb9a6bdf5732ab0e8786ff0f75982N.exe
Size

225KB
Sample

241216-qhnqms1mfv
MD5

bb9888adebec8dddd937a367710e37e0
SHA1

84a78de9ecf898969c948b5301d9672bc3f1469c
SHA256

3d1e7a28af9798f584c94134debd0999a7cbb9a6bdf5732ab0e8786ff0f75982
SHA512

32df97aa8cc79019160d132e50887ab275899c1136cbdfe6af590de32c92d6deaa54f20b35a1f60e6b22fccd3e4b2f8b807af1f9aab8fdaec5ce4314ac805e5b
SSDEEP

6144:fA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:fATuTAnKGwUAW3ycQqgf

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  3d1e7a28af9798f584c94134debd0999a7cbb9a6bdf5732ab0e8786ff0f75982N.exe
- Size
  
  225KB
- MD5
  
  bb9888adebec8dddd937a367710e37e0
- SHA1
  
  84a78de9ecf898969c948b5301d9672bc3f1469c
- SHA256
  
  3d1e7a28af9798f584c94134debd0999a7cbb9a6bdf5732ab0e8786ff0f75982
- SHA512
  
  32df97aa8cc79019160d132e50887ab275899c1136cbdfe6af590de32c92d6deaa54f20b35a1f60e6b22fccd3e4b2f8b807af1f9aab8fdaec5ce4314ac805e5b
- SSDEEP
  
  6144:fA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:fATuTAnKGwUAW3ycQqgf
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2