Overview

overview

10

Static

static

3

1c41d403e6...38.exe

windows7-x64

10

1c41d403e6...38.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1c41d403e66b43f22be8ca512e22483be53f4c8ea2061d72279bf94802a58538

  • Size

    62KB

  • Sample

    250224-y743xstmz6

  • MD5

    d0961ebbbb96c022100600a224d216fc

  • SHA1

    949495ea7e34f9e5859603a6a4887741ce8833cd

  • SHA256

    1c41d403e66b43f22be8ca512e22483be53f4c8ea2061d72279bf94802a58538

  • SHA512

    5d4e1875dd53f0a58a01f5aff15e9f6395904d9c422f9c84061a6ec99b428cc34bea1591669d064b050e5ed0c456d1a3a643e6c73f03cb1ade3867f17107cac1

  • SSDEEP

    768:fQiFq/HBQ/FuktI39dPOsB9kjI41E14grGe76g80MD7q/HBQQQOtZaO7X/RAaabu:4gquFSk3iMD7qVtzDR5aKiBlGKFCB

Score
10/10
tinbabankerdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      1c41d403e66b43f22be8ca512e22483be53f4c8ea2061d72279bf94802a58538

    • Size

      62KB

    • MD5

      d0961ebbbb96c022100600a224d216fc

    • SHA1

      949495ea7e34f9e5859603a6a4887741ce8833cd

    • SHA256

      1c41d403e66b43f22be8ca512e22483be53f4c8ea2061d72279bf94802a58538

    • SHA512

      5d4e1875dd53f0a58a01f5aff15e9f6395904d9c422f9c84061a6ec99b428cc34bea1591669d064b050e5ed0c456d1a3a643e6c73f03cb1ade3867f17107cac1

    • SSDEEP

      768:fQiFq/HBQ/FuktI39dPOsB9kjI41E14grGe76g80MD7q/HBQQQOtZaO7X/RAaabu:4gquFSk3iMD7qVtzDR5aKiBlGKFCB

    Score
    10/10
    tinbabankerdiscoverypersistencetrojan

    • Tinba / TinyBanker

      Banking trojan which uses packet sniffing to steal data.

      trojanbankertinba

    • Tinba family

      tinba

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks