tinba | 36d37318b55aa179470464430012642e33f141c0b67f1d37cdcbfe03917b3c0e | Triage

Sharing

General

Target

36d37318b55aa179470464430012642e33f141c0b67f1d37cdcbfe03917b3c0eN.exe
Size

610KB
Sample

241220-esqgfazncm
MD5

ea985b3fbca8c40e7bfba5aa8c158e80
SHA1

a37d630681d7b16b597a8038d611c8e81865061e
SHA256

36d37318b55aa179470464430012642e33f141c0b67f1d37cdcbfe03917b3c0e
SHA512

98a269ea1b1eb82ba162d455c0b6446c342fb27b68b4e323cb8b00951326b663b44a0829385db49b0daaa54f06ae27e7f45c797ceb104e8373c94f4fa19a316c
SSDEEP

12288:JATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+c:LT+KjUdQqboyyWoK1NGqzuhz

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  36d37318b55aa179470464430012642e33f141c0b67f1d37cdcbfe03917b3c0eN.exe
- Size
  
  610KB
- MD5
  
  ea985b3fbca8c40e7bfba5aa8c158e80
- SHA1
  
  a37d630681d7b16b597a8038d611c8e81865061e
- SHA256
  
  36d37318b55aa179470464430012642e33f141c0b67f1d37cdcbfe03917b3c0e
- SHA512
  
  98a269ea1b1eb82ba162d455c0b6446c342fb27b68b4e323cb8b00951326b663b44a0829385db49b0daaa54f06ae27e7f45c797ceb104e8373c94f4fa19a316c
- SSDEEP
  
  12288:JATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+c:LT+KjUdQqboyyWoK1NGqzuhz
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2