Overview

overview

10

Static

static

3

b1c2799b3d...25.exe

windows7-x64

10

b1c2799b3d...25.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b1c2799b3d038e31ada575f950ef44bf535c8f7c63f5aa548e1a28510d388a25.exe

  • Size

    54KB

  • Sample

    250212-qvbxlstjbq

  • MD5

    9c075695fdcd565287d2cad1f4814330

  • SHA1

    b9d97ecc70769e7b668d91650dd2f2d08da985ee

  • SHA256

    b1c2799b3d038e31ada575f950ef44bf535c8f7c63f5aa548e1a28510d388a25

  • SHA512

    5b80bb22a9c3106753c4d74d758d52ee2441f56281fcade8e7780e71db9cb6b4766ac3ce7e920b3b8067e236632c2751c5c1b4e57f860e854067b64205797495

  • SSDEEP

    768:O3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBC:G5tPusSRJDTlLTOpJiaDjts4gfFi2+g

Score
10/10
tinbabankerdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      b1c2799b3d038e31ada575f950ef44bf535c8f7c63f5aa548e1a28510d388a25.exe

    • Size

      54KB

    • MD5

      9c075695fdcd565287d2cad1f4814330

    • SHA1

      b9d97ecc70769e7b668d91650dd2f2d08da985ee

    • SHA256

      b1c2799b3d038e31ada575f950ef44bf535c8f7c63f5aa548e1a28510d388a25

    • SHA512

      5b80bb22a9c3106753c4d74d758d52ee2441f56281fcade8e7780e71db9cb6b4766ac3ce7e920b3b8067e236632c2751c5c1b4e57f860e854067b64205797495

    • SSDEEP

      768:O3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBC:G5tPusSRJDTlLTOpJiaDjts4gfFi2+g

    Score
    10/10
    tinbabankerdiscoverypersistencetrojan

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

      trojanbankertinba

    • Tinba family

      tinba

    • Downloads MZ/PE file

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks