tinba | 1ad7262bfeb74b635d9b56330a257940fa12124f4935efd21f5f0308c261ca1f | Triage

Sharing

General

Target

JaffaCakes118_40f8d5b0ef42b3f1dc9af41c77f537c4
Size

88KB
Sample

250101-ayrt8sxpdx
MD5

40f8d5b0ef42b3f1dc9af41c77f537c4
SHA1

4bd45492ec4173509dbfd68468ac19031a96240a
SHA256

1ad7262bfeb74b635d9b56330a257940fa12124f4935efd21f5f0308c261ca1f
SHA512

db5b9b5a9942824441cf5675202eb3a8b2049a8ae6058fa27a7cdb3ad9c0482fb1c77382285bd6e73801014c7b560ade8a17065ebf68e1faef00b3bf2c35052d
SSDEEP

1536:E5nfmIpxDWbUfd3aOPmxxEhvgCooXqRQqjh+rmKVsN:E5fvp12UFKcD/6jwqWsN

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_40f8d5b0ef42b3f1dc9af41c77f537c4
- Size
  
  88KB
- MD5
  
  40f8d5b0ef42b3f1dc9af41c77f537c4
- SHA1
  
  4bd45492ec4173509dbfd68468ac19031a96240a
- SHA256
  
  1ad7262bfeb74b635d9b56330a257940fa12124f4935efd21f5f0308c261ca1f
- SHA512
  
  db5b9b5a9942824441cf5675202eb3a8b2049a8ae6058fa27a7cdb3ad9c0482fb1c77382285bd6e73801014c7b560ade8a17065ebf68e1faef00b3bf2c35052d
- SSDEEP
  
  1536:E5nfmIpxDWbUfd3aOPmxxEhvgCooXqRQqjh+rmKVsN:E5fvp12UFKcD/6jwqWsN
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2

tinbabankerdiscoverypersistencetrojan