tinba | 982b2127a0aa7bbec77e9b5dd1d7264393b3a4c1b2b6f52375feafb9a6304b06 | Triage

Sharing

General

Target

982b2127a0aa7bbec77e9b5dd1d7264393b3a4c1b2b6f52375feafb9a6304b06
Size

54KB
Sample

250225-c94paaymv9
MD5

b05335c6b2ccb6ffa273bd07fef3f3a5
SHA1

6e943917e941d04f04b9891ddabea9efe0ca81f6
SHA256

982b2127a0aa7bbec77e9b5dd1d7264393b3a4c1b2b6f52375feafb9a6304b06
SHA512

87624e6959e78a9c1311d367dfe1ec78937aa47b7601f4f5901dcc833134893b8f7fe0cecb50788e5f0890f729cc1707ec0df95e2fd61bf7a54179fd38026b64
SSDEEP

768:73CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBW:z5tPusSRJDTlLTOpJiaDjts4gfFi2+w

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  982b2127a0aa7bbec77e9b5dd1d7264393b3a4c1b2b6f52375feafb9a6304b06
- Size
  
  54KB
- MD5
  
  b05335c6b2ccb6ffa273bd07fef3f3a5
- SHA1
  
  6e943917e941d04f04b9891ddabea9efe0ca81f6
- SHA256
  
  982b2127a0aa7bbec77e9b5dd1d7264393b3a4c1b2b6f52375feafb9a6304b06
- SHA512
  
  87624e6959e78a9c1311d367dfe1ec78937aa47b7601f4f5901dcc833134893b8f7fe0cecb50788e5f0890f729cc1707ec0df95e2fd61bf7a54179fd38026b64
- SSDEEP
  
  768:73CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBW:z5tPusSRJDTlLTOpJiaDjts4gfFi2+w
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2