tinba | b413848a9f009cfca35513cfd7146ddc6e2b87ea5c264699e85b9b6468fde0fa | Triage

Sharing

General

Target

b413848a9f009cfca35513cfd7146ddc6e2b87ea5c264699e85b9b6468fde0faN.exe
Size

88KB
Sample

250121-jap56ssqdl
MD5

fbeee82621a891cbe0ff8b6d5f22f040
SHA1

884de696bcf8f6b7db33abd862926c237091683a
SHA256

b413848a9f009cfca35513cfd7146ddc6e2b87ea5c264699e85b9b6468fde0fa
SHA512

0804e4d27c5d2b8bfa98599ae64c3f08e29e6cf8764da5dd2344d19455d3ed26c046a004ae78dda282f53f11efe8df6869c1c0ca8b4834d0d66440b106e55a46
SSDEEP

1536:vz44CpRkr9DXhHf3aOd/56RrkQqjh+rmKVsN:vzvokZR/KM/ysjwqWsN

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  b413848a9f009cfca35513cfd7146ddc6e2b87ea5c264699e85b9b6468fde0faN.exe
- Size
  
  88KB
- MD5
  
  fbeee82621a891cbe0ff8b6d5f22f040
- SHA1
  
  884de696bcf8f6b7db33abd862926c237091683a
- SHA256
  
  b413848a9f009cfca35513cfd7146ddc6e2b87ea5c264699e85b9b6468fde0fa
- SHA512
  
  0804e4d27c5d2b8bfa98599ae64c3f08e29e6cf8764da5dd2344d19455d3ed26c046a004ae78dda282f53f11efe8df6869c1c0ca8b4834d0d66440b106e55a46
- SSDEEP
  
  1536:vz44CpRkr9DXhHf3aOd/56RrkQqjh+rmKVsN:vzvokZR/KM/ysjwqWsN
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2

tinbabankerdiscoverypersistencetrojan