MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d88f50d2a47b2339497c9ea6cb7cb1f669865e1e8df8e9363b147b0fdc75aef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Tinba


Vendor detections: 4


Intelligence 4 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9d88f50d2a47b2339497c9ea6cb7cb1f669865e1e8df8e9363b147b0fdc75aef
SHA3-384 hash: 8f93ff78c484240396cf54429eaff678bff5ae9dca2b6b852b222778fe60f94a04e4b9446567c08ade0b9ef7e2bd88e7
SHA1 hash: de84c049361592ed03126931f7945ddfe715fd5b
MD5 hash: 601b86f19d134fc352252c96737d68e8
humanhash: alabama-dakota-friend-oxygen
File name:9d88f50d2a47b2339497c9ea6cb7cb1f669865e1e8df8e9363b147b0fdc75aef
Download: download sample
Signature Tinba
Create hunting rule
File size:91'648 bytes
First seen:2020-06-10 09:51:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 262abbf68388b9547a0a3e1b22096fd8 (2 x Tinba)
ssdeep 1536:l9o65gQK3Zm+Mt9RV5O8oQ9cXFunGm6ManhFLnBqHan6owwosTk8vxA:l9o6fK2XqXQwhnHlqQo8Lvy
Threatray 150 similar samples on MalwareBazaar
TLSH 35937C754592236AF9E580FDF9A15BE387C3093AC121CA97B3D15A09BC2C6B060D4DEB
Reporter JAMESWT_WT
Tags:Tinba

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'062
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-06 23:08:00 UTC
File Type:
PE (Exe)
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=twepkdjki6zdhfexzhvgzn6ld5tjqzpb5dpy5e3dwfd3b7ohllxq._file
Verdict:
malicious
Similar samples:
052a7198fb77bc35af1b12cb629da41fd6d4be4f0c008c006f254f538301a3b5
Tinba
1002b7508336031b4e5c992ac2ab451c75f2782dd10f831829a9af87d32ed482
Tinba
1372551a1b2824bb421929fc8cdf683e64c53a48080be18335612a47fbd8a197
Tinba
251823645d1460928c1fd5f7cb861fb31e690238bb2707b2f2647baff98f9ca4
Tinba
697826e37f4032bffefac7a16507e97e4adecb92615c796dfb47f3c3cb83750e
Tinba
6ff412089c62ae8bea2f552a70420fe4834b00bd6f58cb413e2b0857b06cc177
Tinba
91a472a8df4bcc3b375a0bc8e70d79d62dda475cbf61efbb869fba40226b28ae
Tinba
bc3729fcbb326ce373f348d481a61f6d4468c6013d3c712224c54a64c9c278f9
Tinba
e615fe028fe30d535f142962719d8f9348b66805a8c81bbf7d78332d12f624c0
Tinba
fcb020fc827bf432792feef13068e8094ae0dd1f201fa398a360eecf6216630b
Tinba
+ 140 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/201109-9caarpz6ha/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of UnmapMainImage
Adds Run key to start application
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_tinba_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:win_tinba_g1
Create hunting rule
Author:Slavo Greminger, SWITCH-CERT
Rule name:win_tinba_w0
Create hunting rule
Author:n3sfox <n3sfox@gmail.com>
Description:Tinba 2 (DGA) banking trojan
Reference:https://securityintelligence.com/tinba-malware-reloaded-and-attacking-banks-around-the-world

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments