tinba | b7764a1955a6c2b27e90e70ae0f32b1722ab13a14e5b74ad40b1612ab4685c70 | Triage

Sharing

General

Target

b7764a1955a6c2b27e90e70ae0f32b1722ab13a14e5b74ad40b1612ab4685c70
Size

112KB
Sample

250224-f5xlyszmgt
MD5

dc44464edda6fe8cda58153734080dfc
SHA1

762391595db2c2de81832cc8f3914e6b905bd546
SHA256

b7764a1955a6c2b27e90e70ae0f32b1722ab13a14e5b74ad40b1612ab4685c70
SHA512

446243302a9cd8039f7be571dda6608275e6a41159c732e13a70e9b7da2698ac238e959a3430df8fa9be2de31b3babc4802cd9a2c7fc4e252c19fc9e22c07238
SSDEEP

3072:/afe8iokAMMKzU2YAPNAQxxlNk3Um/u1hp13JeoSG:/afviokAMMohe3UmG1hpeoSG

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  b7764a1955a6c2b27e90e70ae0f32b1722ab13a14e5b74ad40b1612ab4685c70
- Size
  
  112KB
- MD5
  
  dc44464edda6fe8cda58153734080dfc
- SHA1
  
  762391595db2c2de81832cc8f3914e6b905bd546
- SHA256
  
  b7764a1955a6c2b27e90e70ae0f32b1722ab13a14e5b74ad40b1612ab4685c70
- SHA512
  
  446243302a9cd8039f7be571dda6608275e6a41159c732e13a70e9b7da2698ac238e959a3430df8fa9be2de31b3babc4802cd9a2c7fc4e252c19fc9e22c07238
- SSDEEP
  
  3072:/afe8iokAMMKzU2YAPNAQxxlNk3Um/u1hp13JeoSG:/afviokAMMohe3UmG1hpeoSG
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2