tinba | 939f6cae23a5819bc16d1b73d7289f5b2413f94041a35e5825795d538a7977cb | Triage

Sharing

General

Target

939f6cae23a5819bc16d1b73d7289f5b2413f94041a35e5825795d538a7977cb
Size

54KB
Sample

250225-c3yvfsxqs5
MD5

b77f8015cb2d0359f55d4dc8eac09633
SHA1

5cb8c904b3ad657f59c186e67527f0a2ca98cb11
SHA256

939f6cae23a5819bc16d1b73d7289f5b2413f94041a35e5825795d538a7977cb
SHA512

b802eaf54485064d904b654d92927b0a7fcfaf0e1ee87df9364cb748a640034e8ef8cd0a752f9d1dd505dfd7324d212d557d55035f44f7867a7057d88b830a4a
SSDEEP

768:c3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:s5tPusSRJDTlLTOpJiaDjts4gfFi2+A

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  939f6cae23a5819bc16d1b73d7289f5b2413f94041a35e5825795d538a7977cb
- Size
  
  54KB
- MD5
  
  b77f8015cb2d0359f55d4dc8eac09633
- SHA1
  
  5cb8c904b3ad657f59c186e67527f0a2ca98cb11
- SHA256
  
  939f6cae23a5819bc16d1b73d7289f5b2413f94041a35e5825795d538a7977cb
- SHA512
  
  b802eaf54485064d904b654d92927b0a7fcfaf0e1ee87df9364cb748a640034e8ef8cd0a752f9d1dd505dfd7324d212d557d55035f44f7867a7057d88b830a4a
- SSDEEP
  
  768:c3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:s5tPusSRJDTlLTOpJiaDjts4gfFi2+A
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2