tinba | e42c2a0dad93741e4985351f824ed7659f6c8fa5ddeef6bc46c398a87bff7ec9 | Triage

Sharing

General

Target

e42c2a0dad93741e4985351f824ed7659f6c8fa5ddeef6bc46c398a87bff7ec9N.exe
Size

54KB
Sample

250205-b8d7kavmbk
MD5

31f454915de85273053972470c085b40
SHA1

7c7720307edc58be58a8cf90a1c95c5f3e9011b4
SHA256

e42c2a0dad93741e4985351f824ed7659f6c8fa5ddeef6bc46c398a87bff7ec9
SHA512

d2a328b4146b109c9abb71367b2397dccdb1f51b96b6359a18ea6ce8666abc96a223844953e7b9d268c46324ab89fe087f13138eb4e9adf5478f464faae98ab4
SSDEEP

768:+3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:25tPusSRJDTlLTOpJiaDjts4gfFi2+A

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  e42c2a0dad93741e4985351f824ed7659f6c8fa5ddeef6bc46c398a87bff7ec9N.exe
- Size
  
  54KB
- MD5
  
  31f454915de85273053972470c085b40
- SHA1
  
  7c7720307edc58be58a8cf90a1c95c5f3e9011b4
- SHA256
  
  e42c2a0dad93741e4985351f824ed7659f6c8fa5ddeef6bc46c398a87bff7ec9
- SHA512
  
  d2a328b4146b109c9abb71367b2397dccdb1f51b96b6359a18ea6ce8666abc96a223844953e7b9d268c46324ab89fe087f13138eb4e9adf5478f464faae98ab4
- SSDEEP
  
  768:+3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:25tPusSRJDTlLTOpJiaDjts4gfFi2+A
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2