tinba | c89433bb42b6bb4029d55fbde553a64a0a381b278aaff9a0cbf928b5dd7b2729 | Triage

Sharing

General

Target

c89433bb42b6bb4029d55fbde553a64a0a381b278aaff9a0cbf928b5dd7b2729N.exe
Size

225KB
Sample

241218-hwsbzsylav
MD5

dd72c05dd64b596fb83883556b9071a0
SHA1

08e07faded541e072d8946e46fbcfeda8f711715
SHA256

c89433bb42b6bb4029d55fbde553a64a0a381b278aaff9a0cbf928b5dd7b2729
SHA512

e1dc88ce7e0a6460531623f9a5a0a0716b5a632a305b80c125a296c081a96337381dbb21ad43a7a6ff923aa3a2d3d4d9545dc791f5b0c2fe0fa0646b29a90f3f
SSDEEP

6144:MA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:MATuTAnKGwUAW3ycQqgf

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  c89433bb42b6bb4029d55fbde553a64a0a381b278aaff9a0cbf928b5dd7b2729N.exe
- Size
  
  225KB
- MD5
  
  dd72c05dd64b596fb83883556b9071a0
- SHA1
  
  08e07faded541e072d8946e46fbcfeda8f711715
- SHA256
  
  c89433bb42b6bb4029d55fbde553a64a0a381b278aaff9a0cbf928b5dd7b2729
- SHA512
  
  e1dc88ce7e0a6460531623f9a5a0a0716b5a632a305b80c125a296c081a96337381dbb21ad43a7a6ff923aa3a2d3d4d9545dc791f5b0c2fe0fa0646b29a90f3f
- SSDEEP
  
  6144:MA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:MATuTAnKGwUAW3ycQqgf
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2