tinba | 0482ac285c4e941a82de2425c3572ef2b951f90423d85627a282147fb3b95d14 | Triage

Sharing

General

Target

JaffaCakes118_7b9227f98eea65ad3cab1e755cc825a0
Size

171KB
Sample

250104-y3l2jsvrbs
MD5

7b9227f98eea65ad3cab1e755cc825a0
SHA1

afb49223eafa9a12edc77f490c7270d6ae290da1
SHA256

0482ac285c4e941a82de2425c3572ef2b951f90423d85627a282147fb3b95d14
SHA512

df0810cadccbac745a828d08b8d8b9630fd0f24f3c7fa4eabccbc019f30b2aba67b1acc4be61e4b8cdf7192d4a86a602aadefa988d2a7c3dc7430bacb04f432f
SSDEEP

3072:aNa3V0rxgN+E+bjKFmEHKjbMpZszZHqiD:oal0aUELIEm6ZstKM

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_7b9227f98eea65ad3cab1e755cc825a0
- Size
  
  171KB
- MD5
  
  7b9227f98eea65ad3cab1e755cc825a0
- SHA1
  
  afb49223eafa9a12edc77f490c7270d6ae290da1
- SHA256
  
  0482ac285c4e941a82de2425c3572ef2b951f90423d85627a282147fb3b95d14
- SHA512
  
  df0810cadccbac745a828d08b8d8b9630fd0f24f3c7fa4eabccbc019f30b2aba67b1acc4be61e4b8cdf7192d4a86a602aadefa988d2a7c3dc7430bacb04f432f
- SSDEEP
  
  3072:aNa3V0rxgN+E+bjKFmEHKjbMpZszZHqiD:oal0aUELIEm6ZstKM
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2