tinba | b664f7caf61ffedb271fd3d8aa2bcdbd19d352d21c56f209f5ae35ed35fb3576 | Triage

Sharing

General

Target

b664f7caf61ffedb271fd3d8aa2bcdbd19d352d21c56f209f5ae35ed35fb3576
Size

225KB
Sample

250203-en3k7szkgy
MD5

94f6c51df75c906816b3438f1338f1e7
SHA1

745064227a988cd3559a7a21a5a2616b308e63b7
SHA256

b664f7caf61ffedb271fd3d8aa2bcdbd19d352d21c56f209f5ae35ed35fb3576
SHA512

90da0a9c33e151173bbedb84773ec7493e3dd31eeed2d1814607618f4fea4812375dd7ec5d0b0d2b33f165cdcb16365ffe28df0500fbd506668384654eb2538d
SSDEEP

6144:XA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:XATuTAnKGwUAW3ycQqgf

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  b664f7caf61ffedb271fd3d8aa2bcdbd19d352d21c56f209f5ae35ed35fb3576
- Size
  
  225KB
- MD5
  
  94f6c51df75c906816b3438f1338f1e7
- SHA1
  
  745064227a988cd3559a7a21a5a2616b308e63b7
- SHA256
  
  b664f7caf61ffedb271fd3d8aa2bcdbd19d352d21c56f209f5ae35ed35fb3576
- SHA512
  
  90da0a9c33e151173bbedb84773ec7493e3dd31eeed2d1814607618f4fea4812375dd7ec5d0b0d2b33f165cdcb16365ffe28df0500fbd506668384654eb2538d
- SSDEEP
  
  6144:XA2P27yTAnKGw0hjFhSR/W11yAJ9v0pMtRCpYM:XATuTAnKGwUAW3ycQqgf
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2