tinba | b332b6c2945a68b9a5f9f3ece9580b20055f8fd144e55415a70cb333b37aac7e | Triage

Sharing

General

Target

b332b6c2945a68b9a5f9f3ece9580b20055f8fd144e55415a70cb333b37aac7e.exe
Size

54KB
Sample

250224-qqlagsvls8
MD5

3e4f5925ab8cff3cf37c5fd7d7b14873
SHA1

83f334dc9c53015bd335f8aba36f5381daafccc2
SHA256

b332b6c2945a68b9a5f9f3ece9580b20055f8fd144e55415a70cb333b37aac7e
SHA512

ce481598398c6b82a7314b0d09532686096715c9d83379f2a98e97c587f5a1d1fb0196baefbdca0b66d32ec3b7941caf964b8bf8153af8528f15b4dbbaee19de
SSDEEP

768:W3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBC:O5tPusSRJDTlLTOpJiaDjts4gfFi2+g

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  b332b6c2945a68b9a5f9f3ece9580b20055f8fd144e55415a70cb333b37aac7e.exe
- Size
  
  54KB
- MD5
  
  3e4f5925ab8cff3cf37c5fd7d7b14873
- SHA1
  
  83f334dc9c53015bd335f8aba36f5381daafccc2
- SHA256
  
  b332b6c2945a68b9a5f9f3ece9580b20055f8fd144e55415a70cb333b37aac7e
- SHA512
  
  ce481598398c6b82a7314b0d09532686096715c9d83379f2a98e97c587f5a1d1fb0196baefbdca0b66d32ec3b7941caf964b8bf8153af8528f15b4dbbaee19de
- SSDEEP
  
  768:W3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBC:O5tPusSRJDTlLTOpJiaDjts4gfFi2+g
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2