tinba | 842bedb487c38e44618e8da0b472d66ba2c6b356881b7d85c2da04d412aeffe3 | Triage

Sharing

General

Target

842bedb487c38e44618e8da0b472d66ba2c6b356881b7d85c2da04d412aeffe3.exe
Size

54KB
Sample

250205-kyngxszjd1
MD5

9a8c530783c2589b773ed06ba4db67cf
SHA1

0291775b927677de837f367f4bfe19661b0bfae7
SHA256

842bedb487c38e44618e8da0b472d66ba2c6b356881b7d85c2da04d412aeffe3
SHA512

7749b096219e3468aa4005fd864372dcbefd86f3f98143d2c5f49918a07c9c85625bf00118b310d745e77cb8c9439b3ab5c5241fac0028209f77ac1877a05af6
SSDEEP

768:+3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBW:25tPusSRJDTlLTOpJiaDjts4gfFi2+w

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  842bedb487c38e44618e8da0b472d66ba2c6b356881b7d85c2da04d412aeffe3.exe
- Size
  
  54KB
- MD5
  
  9a8c530783c2589b773ed06ba4db67cf
- SHA1
  
  0291775b927677de837f367f4bfe19661b0bfae7
- SHA256
  
  842bedb487c38e44618e8da0b472d66ba2c6b356881b7d85c2da04d412aeffe3
- SHA512
  
  7749b096219e3468aa4005fd864372dcbefd86f3f98143d2c5f49918a07c9c85625bf00118b310d745e77cb8c9439b3ab5c5241fac0028209f77ac1877a05af6
- SSDEEP
  
  768:+3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBW:25tPusSRJDTlLTOpJiaDjts4gfFi2+w
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2