tinba | 65ce4a0190c299766b9af68f8740578aa96a5d76bba67ee56d4a7684ac6dabaa | Triage

Sharing

General

Target

65ce4a0190c299766b9af68f8740578aa96a5d76bba67ee56d4a7684ac6dabaa.exe
Size

89KB
Sample

250112-3by91swrfr
MD5

b1ffc14a6d5bb61b92dcca8dd74a4f48
SHA1

d7dab8e82bedb9b86e93c4f601a3b97ba9f0c236
SHA256

65ce4a0190c299766b9af68f8740578aa96a5d76bba67ee56d4a7684ac6dabaa
SHA512

3e6d94b8e2c74b6578f098bd4578d66dd9986d365d9557c5994593a4aaa8aa7f41899c9e1b3c04157c61cccbe70974992988fc300c847ee7a75812d4b1bed438
SSDEEP

1536:Wz44CpRkr9DXhH/2m//56RrufqjhzrmKIFAV0ER:WzvokZRfN/yFj1qrFAHR

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  65ce4a0190c299766b9af68f8740578aa96a5d76bba67ee56d4a7684ac6dabaa.exe
- Size
  
  89KB
- MD5
  
  b1ffc14a6d5bb61b92dcca8dd74a4f48
- SHA1
  
  d7dab8e82bedb9b86e93c4f601a3b97ba9f0c236
- SHA256
  
  65ce4a0190c299766b9af68f8740578aa96a5d76bba67ee56d4a7684ac6dabaa
- SHA512
  
  3e6d94b8e2c74b6578f098bd4578d66dd9986d365d9557c5994593a4aaa8aa7f41899c9e1b3c04157c61cccbe70974992988fc300c847ee7a75812d4b1bed438
- SSDEEP
  
  1536:Wz44CpRkr9DXhH/2m//56RrufqjhzrmKIFAV0ER:WzvokZRfN/yFj1qrFAHR
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2

tinbabankerdiscoverypersistencetrojan