tinba | 8bfc441342c8bf952a16f73fd6840ca0abd47108fe63a9292df3f16b14c1cd2c | Triage

Sharing

General

Target

8bfc441342c8bf952a16f73fd6840ca0abd47108fe63a9292df3f16b14c1cd2cN.exe
Size

225KB
Sample

241220-bnjasawlhj
MD5

08f9f68c2e4eb8420e69733282f99380
SHA1

fcf4d6c4ce6e75c79bff68849d77b881adf11249
SHA256

8bfc441342c8bf952a16f73fd6840ca0abd47108fe63a9292df3f16b14c1cd2c
SHA512

49f222afb933d20dbadef2b393cfb831629f3cbed779839e43ded7bd87fee3ad6ca888675970b25fd5b8bbc19a6e0afa0666568155018e4d1107aaeb88ff0f37
SSDEEP

6144:dA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:dATuTAnKGwUAW3ycQqgf

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  8bfc441342c8bf952a16f73fd6840ca0abd47108fe63a9292df3f16b14c1cd2cN.exe
- Size
  
  225KB
- MD5
  
  08f9f68c2e4eb8420e69733282f99380
- SHA1
  
  fcf4d6c4ce6e75c79bff68849d77b881adf11249
- SHA256
  
  8bfc441342c8bf952a16f73fd6840ca0abd47108fe63a9292df3f16b14c1cd2c
- SHA512
  
  49f222afb933d20dbadef2b393cfb831629f3cbed779839e43ded7bd87fee3ad6ca888675970b25fd5b8bbc19a6e0afa0666568155018e4d1107aaeb88ff0f37
- SSDEEP
  
  6144:dA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:dATuTAnKGwUAW3ycQqgf
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2