tinba | 2d14b13c33cba0a89364fad146d55a84fd2be0b2f95547d3bb4ae29552f0e3c7 | Triage

Sharing

General

Target

2d14b13c33cba0a89364fad146d55a84fd2be0b2f95547d3bb4ae29552f0e3c7N.exe
Size

54KB
Sample

250127-tpzchawqdz
MD5

97b8777ba1b995e8aff729bc2d7dfc40
SHA1

386a6fdf9a91b2e48ce1b9f69f51af16dfad7ee2
SHA256

2d14b13c33cba0a89364fad146d55a84fd2be0b2f95547d3bb4ae29552f0e3c7
SHA512

6e776c2d6e37db4c4cca9eaf347c65c3e6e81e1c22e78f6c14bf327c029a9518520c7ea2ccef721167bd4fd4e00c2653cfd76337cf1bd4111526b86c3439a56f
SSDEEP

768:+3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:25tPusSRJDTlLTOpJiaDjts4gfFi2+A

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  2d14b13c33cba0a89364fad146d55a84fd2be0b2f95547d3bb4ae29552f0e3c7N.exe
- Size
  
  54KB
- MD5
  
  97b8777ba1b995e8aff729bc2d7dfc40
- SHA1
  
  386a6fdf9a91b2e48ce1b9f69f51af16dfad7ee2
- SHA256
  
  2d14b13c33cba0a89364fad146d55a84fd2be0b2f95547d3bb4ae29552f0e3c7
- SHA512
  
  6e776c2d6e37db4c4cca9eaf347c65c3e6e81e1c22e78f6c14bf327c029a9518520c7ea2ccef721167bd4fd4e00c2653cfd76337cf1bd4111526b86c3439a56f
- SSDEEP
  
  768:+3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:25tPusSRJDTlLTOpJiaDjts4gfFi2+A
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2