tinba | fa950eb2ad298751c288d29baa9cdad8e1be58f5dca3cf1196fa0027eeb7b6de | Triage

Sharing

General

Target

fa950eb2ad298751c288d29baa9cdad8e1be58f5dca3cf1196fa0027eeb7b6de
Size

225KB
Sample

241220-lgy3rsvqhq
MD5

0c73c8994fb1254c1414700f53bbbc41
SHA1

778ef62b41f2a1fb8a3fbb1aab1907d6994e4ffd
SHA256

fa950eb2ad298751c288d29baa9cdad8e1be58f5dca3cf1196fa0027eeb7b6de
SHA512

f38f29276fe109d8be14f2bc535df3e19268331e1f0a19529daaa0c0aab5ab1766830e3a15f4c2928cff7ad9173e9181bb2155793c544e6c6e74af205b19fabe
SSDEEP

6144:lA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpY0:lATuTAnKGwUAW3ycQqgV

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  fa950eb2ad298751c288d29baa9cdad8e1be58f5dca3cf1196fa0027eeb7b6de
- Size
  
  225KB
- MD5
  
  0c73c8994fb1254c1414700f53bbbc41
- SHA1
  
  778ef62b41f2a1fb8a3fbb1aab1907d6994e4ffd
- SHA256
  
  fa950eb2ad298751c288d29baa9cdad8e1be58f5dca3cf1196fa0027eeb7b6de
- SHA512
  
  f38f29276fe109d8be14f2bc535df3e19268331e1f0a19529daaa0c0aab5ab1766830e3a15f4c2928cff7ad9173e9181bb2155793c544e6c6e74af205b19fabe
- SSDEEP
  
  6144:lA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpY0:lATuTAnKGwUAW3ycQqgV
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2