tinba | 06aae36651b6442a2030c5a7b91a56826e59273c77716173a36cd29a037d1ba6 | Triage

Sharing

General

Target

06aae36651b6442a2030c5a7b91a56826e59273c77716173a36cd29a037d1ba6.exe
Size

120KB
Sample

250121-ztqh2szrcy
MD5

a1f08e43983141a9f003046f35682f9c
SHA1

33d1116a7ba3a888b78d7246ec3a9126364467e8
SHA256

06aae36651b6442a2030c5a7b91a56826e59273c77716173a36cd29a037d1ba6
SHA512

fed8d9bf86413cc522a714e50e91fd49ab68bcd9f96c51d826e0b0a6a147c9b2dce3505662aff1aa35238b5db4f8d3300c61d521e94e998c801e11dc7e1bfa95
SSDEEP

1536:KiLOvRmmQegJW3aOgBbmAQ256/ZrwWnwqjhurmKFctI:KiyvRmQKTLs/ZrwWJjAqGctI

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  06aae36651b6442a2030c5a7b91a56826e59273c77716173a36cd29a037d1ba6.exe
- Size
  
  120KB
- MD5
  
  a1f08e43983141a9f003046f35682f9c
- SHA1
  
  33d1116a7ba3a888b78d7246ec3a9126364467e8
- SHA256
  
  06aae36651b6442a2030c5a7b91a56826e59273c77716173a36cd29a037d1ba6
- SHA512
  
  fed8d9bf86413cc522a714e50e91fd49ab68bcd9f96c51d826e0b0a6a147c9b2dce3505662aff1aa35238b5db4f8d3300c61d521e94e998c801e11dc7e1bfa95
- SSDEEP
  
  1536:KiLOvRmmQegJW3aOgBbmAQ256/ZrwWnwqjhurmKFctI:KiyvRmQKTLs/ZrwWJjAqGctI
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2

tinbabankerdiscoverypersistencetrojan