tinba | 5702a4204515ed95b456b5f6bdbe24d9d529d2a4715da2833d1343b28d3a96fa | Triage

Sharing

General

Target

5702a4204515ed95b456b5f6bdbe24d9d529d2a4715da2833d1343b28d3a96fa.exe
Size

225KB
Sample

241225-wgbyca1ndr
MD5

d9ddf1f75efd934536e757ef82219b03
SHA1

827cd3492b2b09dbd5bbe91b32797be413d06b4c
SHA256

5702a4204515ed95b456b5f6bdbe24d9d529d2a4715da2833d1343b28d3a96fa
SHA512

0d0edaf56cc7782b5df930c4bdf3271fbba387b56c45794a3cfb446cb57ff15a385226954d5b3559a64453612d832ae1d9e818befd3f42a2386dd4d8eed9f47a
SSDEEP

6144:dA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpY0:dATuTAnKGwUAW3ycQqgd

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  5702a4204515ed95b456b5f6bdbe24d9d529d2a4715da2833d1343b28d3a96fa.exe
- Size
  
  225KB
- MD5
  
  d9ddf1f75efd934536e757ef82219b03
- SHA1
  
  827cd3492b2b09dbd5bbe91b32797be413d06b4c
- SHA256
  
  5702a4204515ed95b456b5f6bdbe24d9d529d2a4715da2833d1343b28d3a96fa
- SHA512
  
  0d0edaf56cc7782b5df930c4bdf3271fbba387b56c45794a3cfb446cb57ff15a385226954d5b3559a64453612d832ae1d9e818befd3f42a2386dd4d8eed9f47a
- SSDEEP
  
  6144:dA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpY0:dATuTAnKGwUAW3ycQqgd
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2