A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #13571  by 360Tencent
 Thu May 31, 2012 2:13 pm
http://www.csis.dk/en/csis/news/3566/
Tinba is the smallest trojan-banker we have ever encountered and it belongs to a complete new family of malware which we expect to be battling in upcoming months.

The code is approx 20KB in size (including config and webinjects) and comes simple and clear without any packing or advanced encryption. Antivirus detection of the analyzed samples is low.
 #13576  by rkhunter
 Thu May 31, 2012 3:50 pm
erikloman wrote: Hello,

Looking for Tinba, a tiny banking trojan as mentioned here:
http://www.csis.dk/en/csis/news/3566/

Edit: 8CC5050F513ED22780D4E85857A77A1FB2A3083D792CD550089B64E1D2EF58E9
MD5: 08ab7f68c6b3a4a2a745cc244d41d213
SHA1: 16c5fa4fd7b0087919d5eca441d5f079817754e2
Attachments
pass:infected
(8.53 KiB) Downloaded 188 times
 #13618  by rkhunter
 Fri Jun 01, 2012 7:04 pm
One more Zusy/Tinba with similar behaviour.
BlackHole payload http://www.malwaredomainlist.com/mdl.ph ... uantity=50

MD5: b6991e7497a31fada9877907c63a5888
SHA1: d5564400d5fef5dc46385e4774d515574e0c1405
5 / 42 https://www.virustotal.com/file/09478bf ... /analysis/
Kaspersky: Trojan-Spy.Win32.SpyEyes.afnr
Attachments
pass:infected
(8.69 KiB) Downloaded 128 times
 #14287  by Peter Kleissner
 Tue Jun 26, 2012 9:49 am
I have decrypted a few samples, they can now be analyzed easily in IDA. This is its embedded configuration:
Code:
[urlfilter]
https://* P
!*microsoft.* GP
!*google.* GP
*accounts.google.*/ServiceLoginAuth* P
!*facebook.* GP
*facebook.*/login.php* P
!*onlinechat.gmx.* GP
*service.gmx.*/cgi/login* P
[end]
I identified 3 TinyBanker botnets, which have no working C&C though.
Attachments
pw: infected
(49.83 KiB) Downloaded 140 times
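
As an added illustration (not code from any poster in this thread), the `[urlfilter]` block posted above can be parsed into rules and used to check which requests in a proxy log fall under it. The thread does not define the rule syntax, so the semantics here are assumptions: a leading `!` marks an exclusion, `G`/`P` mean GET/POST, `*` is a wildcard, and the last matching rule decides.

```python
import re
from typing import NamedTuple

CONFIG = """[urlfilter]
https://* P
!*microsoft.* GP
!*google.* GP
*accounts.google.*/ServiceLoginAuth* P
!*facebook.* GP
*facebook.*/login.php* P
!*onlinechat.gmx.* GP
*service.gmx.*/cgi/login* P
[end]"""  # the block exactly as posted in the thread

class Rule(NamedTuple):
    exclude: bool       # line started with "!" (assumed: exclusion rule)
    pattern: str        # wildcard pattern without the "!" prefix
    methods: frozenset  # flag letters (assumed: G = GET, P = POST)

def parse_urlfilter(text):
    """Return the rules between [urlfilter] and [end], in file order."""
    rules, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "[urlfilter]":
            inside = True
        elif line == "[end]":
            inside = False
        elif inside and line:
            pattern, _, flags = line.rpartition(" ")
            if not pattern or not flags.isalpha():
                raise ValueError(f"unrecognised rule: {line!r}")
            neg = pattern.startswith("!")
            rules.append(Rule(neg, pattern[1:] if neg else pattern, frozenset(flags)))
    return rules

def wildcard_match(pattern, url):
    # Only "*" is special (assumption); every other character is literal.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, url, re.IGNORECASE | re.DOTALL) is not None

def matching_rules(rules, url, method):
    """All rules whose method flag and pattern apply to this request."""
    flag = {"GET": "G", "POST": "P"}.get(method.upper())
    return [r for r in rules if flag in r.methods and wildcard_match(r.pattern, url)]

def in_scope(rules, url, method):
    """Assumed semantics: last matching rule decides; no match = out of scope."""
    hits = matching_rules(rules, url, method)
    return bool(hits) and not hits[-1].exclude
```

Running `in_scope` over the URL and method columns of proxy logs from a suspected host gives a first estimate of which logins the filter covered, subject to the assumed semantics.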