tinba | 3a5f2c81e3a85ba2beb984b96abea2afb1f8f8c188df7eef8d82399f863d13ac | Triage

Sharing

General

Target

3a5f2c81e3a85ba2beb984b96abea2afb1f8f8c188df7eef8d82399f863d13ac
Size

54KB
Sample

250222-1pfzgszjbs
MD5

1f37d462993d92b71a98025a7944db60
SHA1

b1d13b1abb0fcf9f6ebdb5d1ee1c5900acbd2005
SHA256

3a5f2c81e3a85ba2beb984b96abea2afb1f8f8c188df7eef8d82399f863d13ac
SHA512

4313e9919beaff58bdc9e471ec825873e3c1855efd94a841f13d599a52b2c6fda5cd9bfe0f252ee837e483bf3012b2c572a6a1937f247d6e11d65c9d1381ecad
SSDEEP

768:j3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:b5tPusSRJDTlLTOpJiaDjts4gfFi2+A

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  3a5f2c81e3a85ba2beb984b96abea2afb1f8f8c188df7eef8d82399f863d13ac
- Size
  
  54KB
- MD5
  
  1f37d462993d92b71a98025a7944db60
- SHA1
  
  b1d13b1abb0fcf9f6ebdb5d1ee1c5900acbd2005
- SHA256
  
  3a5f2c81e3a85ba2beb984b96abea2afb1f8f8c188df7eef8d82399f863d13ac
- SHA512
  
  4313e9919beaff58bdc9e471ec825873e3c1855efd94a841f13d599a52b2c6fda5cd9bfe0f252ee837e483bf3012b2c572a6a1937f247d6e11d65c9d1381ecad
- SSDEEP
  
  768:j3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:b5tPusSRJDTlLTOpJiaDjts4gfFi2+A
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2