tinba | 30920bec2ba69703b8bd15c41692c987594f4e0ed59ac371f8e4a73cd4bf00ae | Triage

Sharing

General

Target

JaffaCakes118_3952144e0b94e631aba7c3ede487ee61
Size

88KB
Sample

250106-zeat2syqgn
MD5

3952144e0b94e631aba7c3ede487ee61
SHA1

a3822269a13f53181b35472999a1838cdc1fe615
SHA256

30920bec2ba69703b8bd15c41692c987594f4e0ed59ac371f8e4a73cd4bf00ae
SHA512

bd062143be7093458d807d41b2a1e6a02a9a9762185a68150fbda77b4021fbb47c386283a0d62763b27ea1a53ed601023c7074a8bd79df24b71a3c8f36fd7e54
SSDEEP

1536:q5nfmIpxDWbUfd3aOPmxxEhvgCooXqRQqjh+rmKVsN:q5fvp12UFKcD/6jwqWsN

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_3952144e0b94e631aba7c3ede487ee61
- Size
  
  88KB
- MD5
  
  3952144e0b94e631aba7c3ede487ee61
- SHA1
  
  a3822269a13f53181b35472999a1838cdc1fe615
- SHA256
  
  30920bec2ba69703b8bd15c41692c987594f4e0ed59ac371f8e4a73cd4bf00ae
- SHA512
  
  bd062143be7093458d807d41b2a1e6a02a9a9762185a68150fbda77b4021fbb47c386283a0d62763b27ea1a53ed601023c7074a8bd79df24b71a3c8f36fd7e54
- SSDEEP
  
  1536:q5nfmIpxDWbUfd3aOPmxxEhvgCooXqRQqjh+rmKVsN:q5fvp12UFKcD/6jwqWsN
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2

tinbabankerdiscoverypersistencetrojan