tinba | 483aea1a285779f49a95ae0504138fd55471a7513c7d839f3874997681cff0bd | Triage

Sharing

General

Target

JaffaCakes118_42ffa469f1e561ffe9f3692e7597ae01
Size

88KB
Sample

250101-ccfaessnbn
MD5

42ffa469f1e561ffe9f3692e7597ae01
SHA1

74914e574178df543f1bfe0abae25485d7279731
SHA256

483aea1a285779f49a95ae0504138fd55471a7513c7d839f3874997681cff0bd
SHA512

32482df140c96c37eec5d53028bbf216797afc6d408d91ec2bd2b2ba219377407cfc80cc928dc246314b1fad112b295d52b99c0ee3e9f31b4a821d8c3e9043d6
SSDEEP

1536:05nfmIpxDWbUfd3aOPmxxEhvgCooXqRQqjh+rmKVsN:05fvp12UFKcD/6jwqWsN

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_42ffa469f1e561ffe9f3692e7597ae01
- Size
  
  88KB
- MD5
  
  42ffa469f1e561ffe9f3692e7597ae01
- SHA1
  
  74914e574178df543f1bfe0abae25485d7279731
- SHA256
  
  483aea1a285779f49a95ae0504138fd55471a7513c7d839f3874997681cff0bd
- SHA512
  
  32482df140c96c37eec5d53028bbf216797afc6d408d91ec2bd2b2ba219377407cfc80cc928dc246314b1fad112b295d52b99c0ee3e9f31b4a821d8c3e9043d6
- SSDEEP
  
  1536:05nfmIpxDWbUfd3aOPmxxEhvgCooXqRQqjh+rmKVsN:05fvp12UFKcD/6jwqWsN
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2

tinbabankerdiscoverypersistencetrojan