tinba | cbbf6237fe1f8b935c22d5c0dff17b4a95f6549d742a5db58637da67723cad51 | Triage

Sharing

General

Target

cbbf6237fe1f8b935c22d5c0dff17b4a95f6549d742a5db58637da67723cad51.exe
Size

225KB
Sample

241226-s19ryaynfy
MD5

b8122f13f75e145bfb99ee64bc547554
SHA1

18b1e8454c2705fa4e9abc024842cdf80f225788
SHA256

cbbf6237fe1f8b935c22d5c0dff17b4a95f6549d742a5db58637da67723cad51
SHA512

16b489006f1e7ab65b9fafa4742a36cb6d2af3e9b1ddda38778a64ce80aa4330ddcdd72470bb5ec0234fe2996fdf3933b55d4d987ec444146ce71d1ee2b8c20c
SSDEEP

6144:VA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpY0:VATuTAnKGwUAW3ycQqgl

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  cbbf6237fe1f8b935c22d5c0dff17b4a95f6549d742a5db58637da67723cad51.exe
- Size
  
  225KB
- MD5
  
  b8122f13f75e145bfb99ee64bc547554
- SHA1
  
  18b1e8454c2705fa4e9abc024842cdf80f225788
- SHA256
  
  cbbf6237fe1f8b935c22d5c0dff17b4a95f6549d742a5db58637da67723cad51
- SHA512
  
  16b489006f1e7ab65b9fafa4742a36cb6d2af3e9b1ddda38778a64ce80aa4330ddcdd72470bb5ec0234fe2996fdf3933b55d4d987ec444146ce71d1ee2b8c20c
- SSDEEP
  
  6144:VA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpY0:VATuTAnKGwUAW3ycQqgl
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2