MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1be863775aea6a872261f8eaab5cb533664707945fc211c71abf693a2f37789b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Tinba


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1be863775aea6a872261f8eaab5cb533664707945fc211c71abf693a2f37789b
SHA3-384 hash: 9ddaf8a40e29a116ef199801902111027b5c938e3738dbcdd5aae00446df03dbbf61c87be36f39b1774dff48cfaafe07
SHA1 hash: a5628e075fee78b2af217789af8b0b5176123936
MD5 hash: f5f58e6b72a153ec675e7f6029c1abae
humanhash: robert-cardinal-wolfram-august
File name:1be863775aea6a872261f8eaab5cb533664707945fc211c71abf693a2f37789b
Download: download sample
Signature Tinba
Create hunting rule
File size:112'128 bytes
First seen:2020-06-16 09:41:58 UTC
Last seen:2020-06-16 10:51:41 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b590d22b2fc10cf16ab9d4899496899b (1 x Tinba)
ssdeep 1536:H7g1tFk78cekfQ7+1YnlC0AIwZFN2eFZPCmjtUmpdolHh2PbhIX2S+2AX/UYSc6U:bgFeDUlAAeVjp4sjGX21wA
Threatray 80 similar samples on MalwareBazaar
TLSH 59B3192DB0727163EDEE06B0E1C74ADE8B40DF249EA54C2F7948954FAE48376850D2E7
Reporter JAMESWT_WT
Tags:Tinba

Intelligence

File Origin
# of uploads :
2
# of downloads :
1'077
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10842/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.43344923.6852.27421.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Tinba
Create hunting rule
Status:
Malicious
First seen:
2015-03-25 00:08:00 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
052a7198fb77bc35af1b12cb629da41fd6d4be4f0c008c006f254f538301a3b5
Tinba
1002b7508336031b4e5c992ac2ab451c75f2782dd10f831829a9af87d32ed482
Tinba
1372551a1b2824bb421929fc8cdf683e64c53a48080be18335612a47fbd8a197
Tinba
251823645d1460928c1fd5f7cb861fb31e690238bb2707b2f2647baff98f9ca4
Tinba
697826e37f4032bffefac7a16507e97e4adecb92615c796dfb47f3c3cb83750e
Tinba
6ff412089c62ae8bea2f552a70420fe4834b00bd6f58cb413e2b0857b06cc177
Tinba
91a472a8df4bcc3b375a0bc8e70d79d62dda475cbf61efbb869fba40226b28ae
Tinba
9d88f50d2a47b2339497c9ea6cb7cb1f669865e1e8df8e9363b147b0fdc75aef
Tinba
bc3729fcbb326ce373f348d481a61f6d4468c6013d3c712224c54a64c9c278f9
Tinba
e615fe028fe30d535f142962719d8f9348b66805a8c81bbf7d78332d12f624c0
Tinba
+ 70 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence evasion trojan
Link:
https://tria.ge/reports/200624-gtpf2sxb26/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Checks whether UAC is enabled
Adds Run entry to start application
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/10842/

Comments