tinba | 1b263157791b0fdc943244c508957704a1d20d44e161c1934083dce85bf93ee9 | Triage

Sharing

General

Target

1b263157791b0fdc943244c508957704a1d20d44e161c1934083dce85bf93ee9
Size

225KB
Sample

250105-x6crlswkal
MD5

791759fd0417540e7090e4abf66cdd68
SHA1

b0cdfde2b22c45eb0df18117150931f079070ef4
SHA256

1b263157791b0fdc943244c508957704a1d20d44e161c1934083dce85bf93ee9
SHA512

7a72204b99867c1c0c879cdbf6c4842dd886e09a1ba35c5442bc8ceb43befbbe49a0e1ba01288bbcb619b9f9b3ac9eaa35d80452b7da6b38bbdd7f57149493be
SSDEEP

6144:tA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:tATuTAnKGwUAW3ycQqgX

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  1b263157791b0fdc943244c508957704a1d20d44e161c1934083dce85bf93ee9
- Size
  
  225KB
- MD5
  
  791759fd0417540e7090e4abf66cdd68
- SHA1
  
  b0cdfde2b22c45eb0df18117150931f079070ef4
- SHA256
  
  1b263157791b0fdc943244c508957704a1d20d44e161c1934083dce85bf93ee9
- SHA512
  
  7a72204b99867c1c0c879cdbf6c4842dd886e09a1ba35c5442bc8ceb43befbbe49a0e1ba01288bbcb619b9f9b3ac9eaa35d80452b7da6b38bbdd7f57149493be
- SSDEEP
  
  6144:tA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:tATuTAnKGwUAW3ycQqgX
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2