tinba | 45e3c909bef1c474eb68b11b1387be21c378d0d6caea8a3420ff8cf8306507c5 | Triage

Sharing

General

Target

45e3c909bef1c474eb68b11b1387be21c378d0d6caea8a3420ff8cf8306507c5
Size

225KB
Sample

250122-3mp6gs1ngx
MD5

848f7515e9223b303ea7f93c53b8c018
SHA1

0855e39c38100326b3b899bde13c46b87ae15c6d
SHA256

45e3c909bef1c474eb68b11b1387be21c378d0d6caea8a3420ff8cf8306507c5
SHA512

80abf0de1f2ab62b026ebb666d50e82c7785e17ed29d9e117d9d33f7c1f16e35affea883f787fdfe74e2b67a1793cbc4302e587ab618bb877303bfef1f566d77
SSDEEP

6144:tA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:tATuTAnKGwUAW3ycQqgf

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  45e3c909bef1c474eb68b11b1387be21c378d0d6caea8a3420ff8cf8306507c5
- Size
  
  225KB
- MD5
  
  848f7515e9223b303ea7f93c53b8c018
- SHA1
  
  0855e39c38100326b3b899bde13c46b87ae15c6d
- SHA256
  
  45e3c909bef1c474eb68b11b1387be21c378d0d6caea8a3420ff8cf8306507c5
- SHA512
  
  80abf0de1f2ab62b026ebb666d50e82c7785e17ed29d9e117d9d33f7c1f16e35affea883f787fdfe74e2b67a1793cbc4302e587ab618bb877303bfef1f566d77
- SSDEEP
  
  6144:tA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:tATuTAnKGwUAW3ycQqgf
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2