tinba | e695741f303ba79627353128bc397f9360ce4063260d58d19469bef08ddcaf29 | Triage

Sharing

General

Target

e695741f303ba79627353128bc397f9360ce4063260d58d19469bef08ddcaf29
Size

54KB
Sample

250224-jfwj5s1lex
MD5

e87511c193696bde9ae5cc2cd350bda7
SHA1

917d9334a81b83a14994303365062504eb0f4363
SHA256

e695741f303ba79627353128bc397f9360ce4063260d58d19469bef08ddcaf29
SHA512

256578043c62f166fbcb1c9680a7ff0fd48679dd8cb913ef0ed038848bf52e7b6984327af461a89a8340bc4298cf201094aec31877991a705647ed58e99996c7
SSDEEP

768:B3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:55tPusSRJDTlLTOpJiaDjts4gfFi2+A

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  e695741f303ba79627353128bc397f9360ce4063260d58d19469bef08ddcaf29
- Size
  
  54KB
- MD5
  
  e87511c193696bde9ae5cc2cd350bda7
- SHA1
  
  917d9334a81b83a14994303365062504eb0f4363
- SHA256
  
  e695741f303ba79627353128bc397f9360ce4063260d58d19469bef08ddcaf29
- SHA512
  
  256578043c62f166fbcb1c9680a7ff0fd48679dd8cb913ef0ed038848bf52e7b6984327af461a89a8340bc4298cf201094aec31877991a705647ed58e99996c7
- SSDEEP
  
  768:B3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:55tPusSRJDTlLTOpJiaDjts4gfFi2+A
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2