tinba | 1034e4044b3b88e57c7b1b8ef3374049a8fb741943caa68b3e06a2b38dc1a4a8 | Triage

Sharing

General

Target

1034e4044b3b88e57c7b1b8ef3374049a8fb741943caa68b3e06a2b38dc1a4a8
Size

225KB
Sample

250126-ye4xfs1mdx
MD5

4895d6a3e266a072c5b5d29d95879df4
SHA1

c4b2941acf78dc89dc71736e6286f187a0d23656
SHA256

1034e4044b3b88e57c7b1b8ef3374049a8fb741943caa68b3e06a2b38dc1a4a8
SHA512

61c51185b17d7684e3ac494f06e7151eab2c25add08e62e2b6a42542ec60b645b84942d37d99d15935183d548494c07a0e64abdbff83d4e9cb42dc1e7a997f68
SSDEEP

6144:WA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:WATuTAnKGwUAW3ycQqgf

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  1034e4044b3b88e57c7b1b8ef3374049a8fb741943caa68b3e06a2b38dc1a4a8
- Size
  
  225KB
- MD5
  
  4895d6a3e266a072c5b5d29d95879df4
- SHA1
  
  c4b2941acf78dc89dc71736e6286f187a0d23656
- SHA256
  
  1034e4044b3b88e57c7b1b8ef3374049a8fb741943caa68b3e06a2b38dc1a4a8
- SHA512
  
  61c51185b17d7684e3ac494f06e7151eab2c25add08e62e2b6a42542ec60b645b84942d37d99d15935183d548494c07a0e64abdbff83d4e9cb42dc1e7a997f68
- SSDEEP
  
  6144:WA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:WATuTAnKGwUAW3ycQqgf
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2