tinba | 94f621007d81fb10019d75b81fd4fecbbe498505198abc0447f604b129f0c4f5 | Triage

Sharing

General

Target

94f621007d81fb10019d75b81fd4fecbbe498505198abc0447f604b129f0c4f5
Size

610KB
Sample

241227-a5gmvaxjbp
MD5

4a2b8ccd27ab418c9c2a51343c694e73
SHA1

0815d4e38248902d257305ca0c0108ef9c85dd05
SHA256

94f621007d81fb10019d75b81fd4fecbbe498505198abc0447f604b129f0c4f5
SHA512

931d7c875d1ab9aad25ef64b879d420bdfc926f6981f47a5c9a53f00ee9c0ce0b68cc36e1d120d3bf4be97a5fe5f60a357260938d03a254e2a4611f1f17992bc
SSDEEP

12288:JATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+E:LT+KjUdQqboyyWoK1NGqzuhx

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  94f621007d81fb10019d75b81fd4fecbbe498505198abc0447f604b129f0c4f5
- Size
  
  610KB
- MD5
  
  4a2b8ccd27ab418c9c2a51343c694e73
- SHA1
  
  0815d4e38248902d257305ca0c0108ef9c85dd05
- SHA256
  
  94f621007d81fb10019d75b81fd4fecbbe498505198abc0447f604b129f0c4f5
- SHA512
  
  931d7c875d1ab9aad25ef64b879d420bdfc926f6981f47a5c9a53f00ee9c0ce0b68cc36e1d120d3bf4be97a5fe5f60a357260938d03a254e2a4611f1f17992bc
- SSDEEP
  
  12288:JATuTAnKGwUAW3ycQqgYo3CyWoKEY3ZQi7gfqOuuh+E:LT+KjUdQqboyyWoK1NGqzuhx
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2