tinba | bd28276fd9ef4bddb3075cdf8453aed9f78da4e2713d5078bb001919f25919e8 | Triage

Sharing

General

Target

bd28276fd9ef4bddb3075cdf8453aed9f78da4e2713d5078bb001919f25919e8.exe
Size

238KB
Sample

250120-gtbe1svmbv
MD5

1f7fb7aa37910d6f38dfeb32e60a148d
SHA1

346e0a34ac874245db7f588f6865ab4d9cef5238
SHA256

bd28276fd9ef4bddb3075cdf8453aed9f78da4e2713d5078bb001919f25919e8
SHA512

e9450331f8d7253b1be4b57c463322ae58136c00530198a4169e7cfaec7307d50d164062f291892eb2d7473985e60f4b7370f3d771d22733c1956ac4a9d063e7
SSDEEP

6144:xmkLu0Aq9r8q7XMaC4+yPY7HLgZl3MovMfCp5Cj:EkLsq9r8q7Xp27rk3Moe

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  bd28276fd9ef4bddb3075cdf8453aed9f78da4e2713d5078bb001919f25919e8.exe
- Size
  
  238KB
- MD5
  
  1f7fb7aa37910d6f38dfeb32e60a148d
- SHA1
  
  346e0a34ac874245db7f588f6865ab4d9cef5238
- SHA256
  
  bd28276fd9ef4bddb3075cdf8453aed9f78da4e2713d5078bb001919f25919e8
- SHA512
  
  e9450331f8d7253b1be4b57c463322ae58136c00530198a4169e7cfaec7307d50d164062f291892eb2d7473985e60f4b7370f3d771d22733c1956ac4a9d063e7
- SSDEEP
  
  6144:xmkLu0Aq9r8q7XMaC4+yPY7HLgZl3MovMfCp5Cj:EkLsq9r8q7Xp27rk3Moe
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2