tinba | 61e4f1227b032d9eaaf0d4f2ad14df61abea4b5af78dae55c3e7fe037a35fa96 | Triage

Sharing

General

Target

JaffaCakes118_0b220b5aec910d91c34d496a85e65ddf
Size

88KB
Sample

250106-dq42datrhw
MD5

0b220b5aec910d91c34d496a85e65ddf
SHA1

63a2eff72d6894e736d740cdfda59b3da85f2be3
SHA256

61e4f1227b032d9eaaf0d4f2ad14df61abea4b5af78dae55c3e7fe037a35fa96
SHA512

1a975ab8c76ec6de8d96c9e9ebf5b0ce0beb0b6c4081a9b11d88955a77035a948cf8189f55e0c9421f1a05648e89577b213cf7779b75f98e97aded3cf29e95fa
SSDEEP

1536:75nfmIpxDWbUfd3aOPmxxEhvgCooXqRQqjh+rmKVsN:75fvp12UFKcD/6jwqWsN

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_0b220b5aec910d91c34d496a85e65ddf
- Size
  
  88KB
- MD5
  
  0b220b5aec910d91c34d496a85e65ddf
- SHA1
  
  63a2eff72d6894e736d740cdfda59b3da85f2be3
- SHA256
  
  61e4f1227b032d9eaaf0d4f2ad14df61abea4b5af78dae55c3e7fe037a35fa96
- SHA512
  
  1a975ab8c76ec6de8d96c9e9ebf5b0ce0beb0b6c4081a9b11d88955a77035a948cf8189f55e0c9421f1a05648e89577b213cf7779b75f98e97aded3cf29e95fa
- SSDEEP
  
  1536:75nfmIpxDWbUfd3aOPmxxEhvgCooXqRQqjh+rmKVsN:75fvp12UFKcD/6jwqWsN
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2

tinbabankerdiscoverypersistencetrojan