tinba | 529001c9ad10d4fdb6c5163b473e3244059dcf3eced999d57d705343ab6a3506 | Triage

Sharing

General

Target

529001c9ad10d4fdb6c5163b473e3244059dcf3eced999d57d705343ab6a3506.exe
Size

610KB
Sample

241226-v9swwsspfx
MD5

f5bf7eda336f0fece379b6cda1c8fe01
SHA1

314dae0c493a8a57f0cd5e8a651190093e734587
SHA256

529001c9ad10d4fdb6c5163b473e3244059dcf3eced999d57d705343ab6a3506
SHA512

8fed71d15c6bc27ee2b52562f5ef145f4284b732cb409885629d678ed108825c8188841ec1071507a0ba889b5d8c23cdbccfe7f06d9102e0485e7535bf99dedf
SSDEEP

12288:bATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+c:ZT+KjUdQqboyyWoK1NGqzuhb

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  529001c9ad10d4fdb6c5163b473e3244059dcf3eced999d57d705343ab6a3506.exe
- Size
  
  610KB
- MD5
  
  f5bf7eda336f0fece379b6cda1c8fe01
- SHA1
  
  314dae0c493a8a57f0cd5e8a651190093e734587
- SHA256
  
  529001c9ad10d4fdb6c5163b473e3244059dcf3eced999d57d705343ab6a3506
- SHA512
  
  8fed71d15c6bc27ee2b52562f5ef145f4284b732cb409885629d678ed108825c8188841ec1071507a0ba889b5d8c23cdbccfe7f06d9102e0485e7535bf99dedf
- SSDEEP
  
  12288:bATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+c:ZT+KjUdQqboyyWoK1NGqzuhb
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2