tinba | d93dfea2f672fefeed14faf6fc78760bf6bc0947da76a9767ede7539e1c6b362 | Triage

Sharing

General

Target

d93dfea2f672fefeed14faf6fc78760bf6bc0947da76a9767ede7539e1c6b362.exe
Size

610KB
Sample

241219-ka8syswrav
MD5

c57018a57fbe56b3552c5306ce31a29b
SHA1

367919ef2308f899e71a8cf063325cab5bd06633
SHA256

d93dfea2f672fefeed14faf6fc78760bf6bc0947da76a9767ede7539e1c6b362
SHA512

8ffa42eb9991dafd4014b2c839e2d5f24527c79fbcc816ecd3e6b5042b33740d502925f16321da3e4162e0bf771851f4d6f7d0874c2894629140434892b17a10
SSDEEP

12288:IATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+E:2T+KjUdQqboyyWoK1NGqzuhZ

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  d93dfea2f672fefeed14faf6fc78760bf6bc0947da76a9767ede7539e1c6b362.exe
- Size
  
  610KB
- MD5
  
  c57018a57fbe56b3552c5306ce31a29b
- SHA1
  
  367919ef2308f899e71a8cf063325cab5bd06633
- SHA256
  
  d93dfea2f672fefeed14faf6fc78760bf6bc0947da76a9767ede7539e1c6b362
- SHA512
  
  8ffa42eb9991dafd4014b2c839e2d5f24527c79fbcc816ecd3e6b5042b33740d502925f16321da3e4162e0bf771851f4d6f7d0874c2894629140434892b17a10
- SSDEEP
  
  12288:IATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+E:2T+KjUdQqboyyWoK1NGqzuhZ
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2