tinba | a85e17370de062da74ca83fb1464a82779c08be02d1f0c14167d4d69bc026311 | Triage

Sharing

General

Target

a85e17370de062da74ca83fb1464a82779c08be02d1f0c14167d4d69bc026311
Size

225KB
Sample

241218-d285gaspbn
MD5

f040efb7f5b1f97eb82403842cf4e6a9
SHA1

01767deabf687859b6cc76b9d99b6e1f825e6ffe
SHA256

a85e17370de062da74ca83fb1464a82779c08be02d1f0c14167d4d69bc026311
SHA512

48fbffec2c42cea466795d26801ec1a301aeb8d4784d57551eea0e5a68f37dbbeadfd903a53d3926740da8aad206fee3d79502de45dd86f53726fba5318edffc
SSDEEP

6144:2A2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:2ATuTAnKGwUAW3ycQqgf

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  a85e17370de062da74ca83fb1464a82779c08be02d1f0c14167d4d69bc026311
- Size
  
  225KB
- MD5
  
  f040efb7f5b1f97eb82403842cf4e6a9
- SHA1
  
  01767deabf687859b6cc76b9d99b6e1f825e6ffe
- SHA256
  
  a85e17370de062da74ca83fb1464a82779c08be02d1f0c14167d4d69bc026311
- SHA512
  
  48fbffec2c42cea466795d26801ec1a301aeb8d4784d57551eea0e5a68f37dbbeadfd903a53d3926740da8aad206fee3d79502de45dd86f53726fba5318edffc
- SSDEEP
  
  6144:2A2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:2ATuTAnKGwUAW3ycQqgf
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2