tinba | 18fc38daf13abe5b65c9cb694bd551a1b1d11b9077b0f255a680f567c0c949aa | Triage

Sharing

General

Target

JaffaCakes118_369f5611f6fb13cc2ae38611db75c758
Size

58KB
Sample

250106-ybkpeaxndr
MD5

369f5611f6fb13cc2ae38611db75c758
SHA1

f408de3b5090acc339cc9cf45b9cb4b238c05098
SHA256

18fc38daf13abe5b65c9cb694bd551a1b1d11b9077b0f255a680f567c0c949aa
SHA512

f6dfdfa7003f2dd7633670e7dd4231ed740ab4d2b4c34c3ec1f88d40c5de254026b8796b51f29d30bd897a7fc6283e3222374512be706557d4c35d7399bf1ee5
SSDEEP

768:RM5WaKyBevI8OHKA+hmXid6Z9HUEMyerTAzwavKCFC/nGVykmBdwxkpNZsP:S5P2vIg7dNrTAzZv3FaGU5LRm

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_369f5611f6fb13cc2ae38611db75c758
- Size
  
  58KB
- MD5
  
  369f5611f6fb13cc2ae38611db75c758
- SHA1
  
  f408de3b5090acc339cc9cf45b9cb4b238c05098
- SHA256
  
  18fc38daf13abe5b65c9cb694bd551a1b1d11b9077b0f255a680f567c0c949aa
- SHA512
  
  f6dfdfa7003f2dd7633670e7dd4231ed740ab4d2b4c34c3ec1f88d40c5de254026b8796b51f29d30bd897a7fc6283e3222374512be706557d4c35d7399bf1ee5
- SSDEEP
  
  768:RM5WaKyBevI8OHKA+hmXid6Z9HUEMyerTAzwavKCFC/nGVykmBdwxkpNZsP:S5P2vIg7dNrTAzZv3FaGU5LRm
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2