tinba | 041b3c786f27c038c6c07bf7764414937d1be1373d2c68e06e6abe7a1b04a77b | Triage

Sharing

General

Target

JaffaCakes118_7693c6e4ebcc3199b4ddb64c6f5f4135
Size

88KB
Sample

250104-arvyba1ngz
MD5

7693c6e4ebcc3199b4ddb64c6f5f4135
SHA1

876290b49b64990fc1ca8481c95b89f8bf50e4b5
SHA256

041b3c786f27c038c6c07bf7764414937d1be1373d2c68e06e6abe7a1b04a77b
SHA512

738d2f03def816b257a7999cbcaeaa67034ca354c273c0768a7cb166d817769d7b9512a3cc92e5619bf00cba5e91ee47ae21b2df1129469c7ed2315ec2e786ef
SSDEEP

1536:r5nfmIpxDWbUfd3aOPmxxEhvgCooXqRQqjh+rmKVsN:r5fvp12UFKcD/6jwqWsN

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_7693c6e4ebcc3199b4ddb64c6f5f4135
- Size
  
  88KB
- MD5
  
  7693c6e4ebcc3199b4ddb64c6f5f4135
- SHA1
  
  876290b49b64990fc1ca8481c95b89f8bf50e4b5
- SHA256
  
  041b3c786f27c038c6c07bf7764414937d1be1373d2c68e06e6abe7a1b04a77b
- SHA512
  
  738d2f03def816b257a7999cbcaeaa67034ca354c273c0768a7cb166d817769d7b9512a3cc92e5619bf00cba5e91ee47ae21b2df1129469c7ed2315ec2e786ef
- SSDEEP
  
  1536:r5nfmIpxDWbUfd3aOPmxxEhvgCooXqRQqjh+rmKVsN:r5fvp12UFKcD/6jwqWsN
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2

tinbabankerdiscoverypersistencetrojan