tinba | 99736ff1b3525552c3849b3b9282f98fdf66ecbcac424c9cc74bd6068e684a23 | Triage

Sharing

General

Target

JaffaCakes118_248e7834494f4e1e0d5ed161b08326d0
Size

88KB
Sample

241231-sqzh8ayngn
MD5

248e7834494f4e1e0d5ed161b08326d0
SHA1

10f95e0ea941a4c6dca4b6e58a5e148389aadce7
SHA256

99736ff1b3525552c3849b3b9282f98fdf66ecbcac424c9cc74bd6068e684a23
SHA512

8bbd448181550659694f535acbd7d38643013c6549d0bcdce6fc3d174dfc57e871560ccd79561e9dd4fac40c9ea72f5b87fa0d914b6cc68fc624068e75d39eb2
SSDEEP

1536:f5nfmIpxDWbUfd3aOPmxxEhvgCooXqRQqjh+rmKVsN:f5fvp12UFKcD/6jwqWsN

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_248e7834494f4e1e0d5ed161b08326d0
- Size
  
  88KB
- MD5
  
  248e7834494f4e1e0d5ed161b08326d0
- SHA1
  
  10f95e0ea941a4c6dca4b6e58a5e148389aadce7
- SHA256
  
  99736ff1b3525552c3849b3b9282f98fdf66ecbcac424c9cc74bd6068e684a23
- SHA512
  
  8bbd448181550659694f535acbd7d38643013c6549d0bcdce6fc3d174dfc57e871560ccd79561e9dd4fac40c9ea72f5b87fa0d914b6cc68fc624068e75d39eb2
- SSDEEP
  
  1536:f5nfmIpxDWbUfd3aOPmxxEhvgCooXqRQqjh+rmKVsN:f5fvp12UFKcD/6jwqWsN
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2

tinbabankerdiscoverypersistencetrojan