tinba | ff72623ff0898ab1ffae60e39ca079b01fb32a2be47eadeab57ea2c09cf80d7c | Triage

Sharing

General

Target

ff72623ff0898ab1ffae60e39ca079b01fb32a2be47eadeab57ea2c09cf80d7cN.exe
Size

54KB
Sample

250126-bz8ptaypdn
MD5

7381b9c7d9bd5949002117b9b65f8bc0
SHA1

e0c787e9c5fccb20c5610c9a20b52e4d338b3870
SHA256

ff72623ff0898ab1ffae60e39ca079b01fb32a2be47eadeab57ea2c09cf80d7c
SHA512

49066db9c74645607b839b7b43b87ff80f0c5f2863f5d025c57bf94eaca7eb03faa317fffdad1121560807aca9929ec9dd5da38d2c5a5804aecb662f076f16a9
SSDEEP

768:s3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:85tPusSRJDTlLTOpJiaDjts4gfFi2+A

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  ff72623ff0898ab1ffae60e39ca079b01fb32a2be47eadeab57ea2c09cf80d7cN.exe
- Size
  
  54KB
- MD5
  
  7381b9c7d9bd5949002117b9b65f8bc0
- SHA1
  
  e0c787e9c5fccb20c5610c9a20b52e4d338b3870
- SHA256
  
  ff72623ff0898ab1ffae60e39ca079b01fb32a2be47eadeab57ea2c09cf80d7c
- SHA512
  
  49066db9c74645607b839b7b43b87ff80f0c5f2863f5d025c57bf94eaca7eb03faa317fffdad1121560807aca9929ec9dd5da38d2c5a5804aecb662f076f16a9
- SSDEEP
  
  768:s3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:85tPusSRJDTlLTOpJiaDjts4gfFi2+A
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2