tinba | 2dc6aabf91d533f1db357c0d2cd629b258ef631f9c19468e6cb27af4f4da0a65 | Triage

Sharing

General

Target

2dc6aabf91d533f1db357c0d2cd629b258ef631f9c19468e6cb27af4f4da0a65N.exe
Size

225KB
Sample

241222-emdkpaspds
MD5

dcd8e89031092e3d6bcf4bd271797b10
SHA1

e7b125e360e0ac02d72ed2eb90ea009fef5ebd5a
SHA256

2dc6aabf91d533f1db357c0d2cd629b258ef631f9c19468e6cb27af4f4da0a65
SHA512

0a950f707dc26e7b8af694e14e4f111eb69086c48da3bf1eb2760bee3a0e0e0156c3d4a973073270ba0336d5b9872c02d5f2d4c32cdb79ae635d4e1059c18a17
SSDEEP

6144:PA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:PATuTAnKGwUAW3ycQqgX

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  2dc6aabf91d533f1db357c0d2cd629b258ef631f9c19468e6cb27af4f4da0a65N.exe
- Size
  
  225KB
- MD5
  
  dcd8e89031092e3d6bcf4bd271797b10
- SHA1
  
  e7b125e360e0ac02d72ed2eb90ea009fef5ebd5a
- SHA256
  
  2dc6aabf91d533f1db357c0d2cd629b258ef631f9c19468e6cb27af4f4da0a65
- SHA512
  
  0a950f707dc26e7b8af694e14e4f111eb69086c48da3bf1eb2760bee3a0e0e0156c3d4a973073270ba0336d5b9872c02d5f2d4c32cdb79ae635d4e1059c18a17
- SSDEEP
  
  6144:PA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:PATuTAnKGwUAW3ycQqgX
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2