tinba | a4e685e7c8bb3aff7459bd11df9037665b99efa30a7cb94024500cd5e3032d0e | Triage

Sharing

General

Target

a4e685e7c8bb3aff7459bd11df9037665b99efa30a7cb94024500cd5e3032d0e
Size

248KB
Sample

250204-dpgvfssqfx
MD5

7b67bbfbf99ccafb2d90e4bf59987626
SHA1

03965b433fd61654c0b8e911756be4fa7c8f56eb
SHA256

a4e685e7c8bb3aff7459bd11df9037665b99efa30a7cb94024500cd5e3032d0e
SHA512

af3a763142a8f15875c9b181ba69574157765e46800d657ee9ef47f32be53c6e895a7cd54c7270dff249a7cc911456277130fa8186a2be1fe586db15bffbac41
SSDEEP

6144:xpt4NFj9pZQWzP1PkoVkOwi0JEltcQd2M/P:B4NPpZRP1Pvwi0JCtcAbX

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  a4e685e7c8bb3aff7459bd11df9037665b99efa30a7cb94024500cd5e3032d0e
- Size
  
  248KB
- MD5
  
  7b67bbfbf99ccafb2d90e4bf59987626
- SHA1
  
  03965b433fd61654c0b8e911756be4fa7c8f56eb
- SHA256
  
  a4e685e7c8bb3aff7459bd11df9037665b99efa30a7cb94024500cd5e3032d0e
- SHA512
  
  af3a763142a8f15875c9b181ba69574157765e46800d657ee9ef47f32be53c6e895a7cd54c7270dff249a7cc911456277130fa8186a2be1fe586db15bffbac41
- SSDEEP
  
  6144:xpt4NFj9pZQWzP1PkoVkOwi0JEltcQd2M/P:B4NPpZRP1Pvwi0JCtcAbX
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2