tinba | 30ef700f34909c6684cedf803a48e84db04c7e9b101625b5fc4b153c7a129789 | Triage

Sharing

General

Target

30ef700f34909c6684cedf803a48e84db04c7e9b101625b5fc4b153c7a129789N.exe
Size

610KB
Sample

241219-h1pfwsvmfq
MD5

c544db6c485c8cfcdfe222b86b76b370
SHA1

4b65161fabf8d6f18f29346a060e65910408a0dc
SHA256

30ef700f34909c6684cedf803a48e84db04c7e9b101625b5fc4b153c7a129789
SHA512

5154a56dd771d68af4f1cdebde532a0a264902701d4c1a8e658d992c47085b676c35151a1d00b0c3c0040e909de2a1a8fec8b9512c4cb2d36c6e9270a3256f9e
SSDEEP

12288:hATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+E:DT+KjUdQqboyyWoK1NGqzuhx

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  30ef700f34909c6684cedf803a48e84db04c7e9b101625b5fc4b153c7a129789N.exe
- Size
  
  610KB
- MD5
  
  c544db6c485c8cfcdfe222b86b76b370
- SHA1
  
  4b65161fabf8d6f18f29346a060e65910408a0dc
- SHA256
  
  30ef700f34909c6684cedf803a48e84db04c7e9b101625b5fc4b153c7a129789
- SHA512
  
  5154a56dd771d68af4f1cdebde532a0a264902701d4c1a8e658d992c47085b676c35151a1d00b0c3c0040e909de2a1a8fec8b9512c4cb2d36c6e9270a3256f9e
- SSDEEP
  
  12288:hATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+E:DT+KjUdQqboyyWoK1NGqzuhx
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2