tinba | 4110d372545ba5c3a8374c5e39cef5bea1b50dce46020c1983d45ef9f180f426 | Triage

Sharing

General

Target

4110d372545ba5c3a8374c5e39cef5bea1b50dce46020c1983d45ef9f180f426N.exe
Size

54KB
Sample

250224-j1xb6s1pgx
MD5

7e556eb0df043e156ac5fd6703590e00
SHA1

1261ddc52e4213a944c06aa1ebb7a16aeaeb128c
SHA256

4110d372545ba5c3a8374c5e39cef5bea1b50dce46020c1983d45ef9f180f426
SHA512

f5b95cf9088ef0c5eaf1bc96580d6c7763bcb902929de844b57fc00fbf2ce471c2cf6bbf2171584e3672798cf55ffa3d9bc62b5f0e2e3f1d619b852fa442af86
SSDEEP

768:13CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:l5tPusSRJDTlLTOpJiaDjts4gfFi2+A

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  4110d372545ba5c3a8374c5e39cef5bea1b50dce46020c1983d45ef9f180f426N.exe
- Size
  
  54KB
- MD5
  
  7e556eb0df043e156ac5fd6703590e00
- SHA1
  
  1261ddc52e4213a944c06aa1ebb7a16aeaeb128c
- SHA256
  
  4110d372545ba5c3a8374c5e39cef5bea1b50dce46020c1983d45ef9f180f426
- SHA512
  
  f5b95cf9088ef0c5eaf1bc96580d6c7763bcb902929de844b57fc00fbf2ce471c2cf6bbf2171584e3672798cf55ffa3d9bc62b5f0e2e3f1d619b852fa442af86
- SSDEEP
  
  768:13CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:l5tPusSRJDTlLTOpJiaDjts4gfFi2+A
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2