tinba | 07dec5020a1a6fe8870a8c94271b38decbf17472678ec02ff3c68ffb68f3fac2 | Triage

Sharing

General

Target

07dec5020a1a6fe8870a8c94271b38decbf17472678ec02ff3c68ffb68f3fac2N.exe
Size

54KB
Sample

250126-3wgkps1mbn
MD5

c86e7823b7361870ee9f7c47d1ad6f50
SHA1

02a9a57aa456d7e85c49dd2bd511f3444f30e6fb
SHA256

07dec5020a1a6fe8870a8c94271b38decbf17472678ec02ff3c68ffb68f3fac2
SHA512

982e3f74155670c86f48726425c48c5c6a9487789d3a5e2e7cb7a73df272d0e1d941acd6b8a89eac97adb192f7648957dae93d53f380c9bb1f7d6d10a8207e19
SSDEEP

768:q3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:65tPusSRJDTlLTOpJiaDjts4gfFi2+A

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  07dec5020a1a6fe8870a8c94271b38decbf17472678ec02ff3c68ffb68f3fac2N.exe
- Size
  
  54KB
- MD5
  
  c86e7823b7361870ee9f7c47d1ad6f50
- SHA1
  
  02a9a57aa456d7e85c49dd2bd511f3444f30e6fb
- SHA256
  
  07dec5020a1a6fe8870a8c94271b38decbf17472678ec02ff3c68ffb68f3fac2
- SHA512
  
  982e3f74155670c86f48726425c48c5c6a9487789d3a5e2e7cb7a73df272d0e1d941acd6b8a89eac97adb192f7648957dae93d53f380c9bb1f7d6d10a8207e19
- SSDEEP
  
  768:q3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:65tPusSRJDTlLTOpJiaDjts4gfFi2+A
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2