tinba | 41617a03876bd21bbc6c6ef9cecfd1e720fe2ecbf39f53cf3ff608d5ad451111 | Triage

Sharing

General

Target

41617a03876bd21bbc6c6ef9cecfd1e720fe2ecbf39f53cf3ff608d5ad451111.exe
Size

610KB
Sample

241217-zcbnkaykaj
MD5

d85dc27f4b683ca4923b48a8b1d52d3b
SHA1

5b7b118c1b2b00f9ec50f2711b0fe4a20b49cd2f
SHA256

41617a03876bd21bbc6c6ef9cecfd1e720fe2ecbf39f53cf3ff608d5ad451111
SHA512

cfdabfc37e6b6a35e5e512a8d6c519c99b48bab1d34e8a5b39fc9f3898e32bc64798481bc733d9f481252f6b27925185218e18ab63be8f6cf0b456e69c3c639c
SSDEEP

12288:BATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+c:jT+KjUdQqboyyWoK1NGqzuhr

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  41617a03876bd21bbc6c6ef9cecfd1e720fe2ecbf39f53cf3ff608d5ad451111.exe
- Size
  
  610KB
- MD5
  
  d85dc27f4b683ca4923b48a8b1d52d3b
- SHA1
  
  5b7b118c1b2b00f9ec50f2711b0fe4a20b49cd2f
- SHA256
  
  41617a03876bd21bbc6c6ef9cecfd1e720fe2ecbf39f53cf3ff608d5ad451111
- SHA512
  
  cfdabfc37e6b6a35e5e512a8d6c519c99b48bab1d34e8a5b39fc9f3898e32bc64798481bc733d9f481252f6b27925185218e18ab63be8f6cf0b456e69c3c639c
- SSDEEP
  
  12288:BATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+c:jT+KjUdQqboyyWoK1NGqzuhr
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2