tinba | 6cc28a95d9bba032dc7d4bee671198a089fea7b1c8c664f63a7667aa336d6ee6 | Triage

Sharing

General

Target

6cc28a95d9bba032dc7d4bee671198a089fea7b1c8c664f63a7667aa336d6ee6
Size

54KB
Sample

250204-3y125aynfw
MD5

7dcd2b90a1497ef0c7479be38c2abb44
SHA1

d426d66750af14553a55912358c65846cb4d0502
SHA256

6cc28a95d9bba032dc7d4bee671198a089fea7b1c8c664f63a7667aa336d6ee6
SHA512

adf61b207db733b7625b10c2ba87d2e0ebf41f8405ad21f24bf7f6ba967dc304297c7e23711c06b69103215b784cc13f0684155d2a6c04f4617b499124381667
SSDEEP

768:e3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:W5tPusSRJDTlLTOpJiaDjts4gfFi2+A

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  6cc28a95d9bba032dc7d4bee671198a089fea7b1c8c664f63a7667aa336d6ee6
- Size
  
  54KB
- MD5
  
  7dcd2b90a1497ef0c7479be38c2abb44
- SHA1
  
  d426d66750af14553a55912358c65846cb4d0502
- SHA256
  
  6cc28a95d9bba032dc7d4bee671198a089fea7b1c8c664f63a7667aa336d6ee6
- SHA512
  
  adf61b207db733b7625b10c2ba87d2e0ebf41f8405ad21f24bf7f6ba967dc304297c7e23711c06b69103215b784cc13f0684155d2a6c04f4617b499124381667
- SSDEEP
  
  768:e3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:W5tPusSRJDTlLTOpJiaDjts4gfFi2+A
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2