tinba | 8d389194a6aa4dc6aa6165a9bdc9095fb6eb4d55c76797fd458128721ac2ba6c | Triage

Sharing

General

Target

JaffaCakes118_65c62d6bb00bdd797b287553cc7d841b
Size

96KB
Sample

250102-rwfsmaxrdj
MD5

65c62d6bb00bdd797b287553cc7d841b
SHA1

da69dd05a4887f5a8e27cbacd3801caea1abcfae
SHA256

8d389194a6aa4dc6aa6165a9bdc9095fb6eb4d55c76797fd458128721ac2ba6c
SHA512

e6149ef7ddfc0d55b45ce5e4802ba065831d5954490702b7eca706de0d0a9a83b8d0a28f09ea5544dbd01ad61d17bafb52c39675cfeace611df0d26c51c1ceb6
SSDEEP

1536:1iLOvRmmQegJW3aOgBbmAQ256/ZrwWnwqjhurmKFct:1iyvRmQKTLs/ZrwWJjAqGct

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_65c62d6bb00bdd797b287553cc7d841b
- Size
  
  96KB
- MD5
  
  65c62d6bb00bdd797b287553cc7d841b
- SHA1
  
  da69dd05a4887f5a8e27cbacd3801caea1abcfae
- SHA256
  
  8d389194a6aa4dc6aa6165a9bdc9095fb6eb4d55c76797fd458128721ac2ba6c
- SHA512
  
  e6149ef7ddfc0d55b45ce5e4802ba065831d5954490702b7eca706de0d0a9a83b8d0a28f09ea5544dbd01ad61d17bafb52c39675cfeace611df0d26c51c1ceb6
- SSDEEP
  
  1536:1iLOvRmmQegJW3aOgBbmAQ256/ZrwWnwqjhurmKFct:1iyvRmQKTLs/ZrwWJjAqGct
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2

tinbabankerdiscoverypersistencetrojan