tinba | 85cff8a875d4fd0c3cea88044cac87977129bfbfea981357cb0e2b2ff4705387 | Triage

Sharing

General

Target

85cff8a875d4fd0c3cea88044cac87977129bfbfea981357cb0e2b2ff4705387.exe
Size

54KB
Sample

250124-k1p4jasjel
MD5

1c27b76ae6c28e20db87238b8974388d
SHA1

e05c88fb097526e8db7ff7c2e336110018bb3c57
SHA256

85cff8a875d4fd0c3cea88044cac87977129bfbfea981357cb0e2b2ff4705387
SHA512

26bad0d30d4670e91b9421b0774a65c1b1a25de29b626cd1f0b6f6e36070dd7715ff70b60b1919145a8525f01d2cc7fba501b0f4a90e94beb5288514b2694ba0
SSDEEP

768:s3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBC:85tPusSRJDTlLTOpJiaDjts4gfFi2+g

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  85cff8a875d4fd0c3cea88044cac87977129bfbfea981357cb0e2b2ff4705387.exe
- Size
  
  54KB
- MD5
  
  1c27b76ae6c28e20db87238b8974388d
- SHA1
  
  e05c88fb097526e8db7ff7c2e336110018bb3c57
- SHA256
  
  85cff8a875d4fd0c3cea88044cac87977129bfbfea981357cb0e2b2ff4705387
- SHA512
  
  26bad0d30d4670e91b9421b0774a65c1b1a25de29b626cd1f0b6f6e36070dd7715ff70b60b1919145a8525f01d2cc7fba501b0f4a90e94beb5288514b2694ba0
- SSDEEP
  
  768:s3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBC:85tPusSRJDTlLTOpJiaDjts4gfFi2+g
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2