Researchers Present Tinba, 20KB Trojan Banker

Discussion in 'malware problems & news' started by Dermot7, May 31, 2012.

Thread Status:
Not open for further replies.
  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ Dermot7 Thanks for posting :thumb:

    Analysis - http://anubis.iseclab.org/?action=result&task_id=12b5685b5b5acd2b4e5d5093fc3479d87&format=html

    Noted from the above, DAKOTAVOLANDOS.COM

    Is it Chinese or Russian or ?

    I managed to get hold of it & run it. As usual I had to first allow it, & then the other stuff it spawned, through ProcessGuard.

    readme (2).exe = MD5: 08ab7f68c6b3a4a2a745cc244d41d213 launches winver.exe then deletes readme (2).exe

    winver.exe then launches Version Reporter Applet, which wanted out, so I allowed it. The funny thing is that it goes to IP 92.242.132.9, which is http://www.barefruit.com/background/error_resolution.php

    Not sure why that should be, ANY ideas? And also my ISP's DNS.

    I didn't notice anything unusual in anything when typing in false info at RBS, & PrevxSafeOnline didn't blink or detect it. One possible reason for nothing bad happening was my FW blocked incoming. As my time on this was short, I didn't pursue it.

    Here are some screenies (attachments: z1.gif, za1.gif, za2.gif, rbs.gif)
     
    Last edited by a moderator: May 31, 2012
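The chain CloneRanger describes above (readme (2).exe starts winver.exe, the readme file is then deleted, and the new process goes out to the network) is a classic dropper pattern that can be hunted for by correlating process, file and network events rather than by hash alone. Below is an added example, not code from this thread, from the Tinba analysis or from any vendor tool: a small Python correlator run over a constructed sample timeline modelled on the post. The event schema, file paths, PIDs, timestamps and the benign noise events are all assumptions; the MD5 and the 92.242.132.9 address are the ones reported in the post.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# MD5 of "readme (2).exe" as reported in the post above (the only real IOC here).
TINBA_DROPPER_MD5 = {"08ab7f68c6b3a4a2a745cc244d41d213"}


@dataclass
class Event:
    """One sensor record. Assumed, simplified schema; not Sysmon or any vendor format."""
    ts: datetime
    kind: str          # "process_create" | "file_delete" | "net_connect"
    pid: int           # process that performed the action (or was created)
    ppid: int = 0      # parent pid, process_create only
    image: str = ""    # executable path, process_create only
    target: str = ""   # deleted path (file_delete) or "ip:port" (net_connect)
    md5: str = ""      # image hash, if the sensor records one


def T(seconds: int) -> datetime:
    """Constructed timestamps relative to an arbitrary start time."""
    return datetime(2012, 5, 31, 12, 0, 0) + timedelta(seconds=seconds)


# Constructed sample timeline modelled on the post. Paths and PIDs are made up.
SAMPLE_EVENTS: List[Event] = [
    Event(T(0), "process_create", pid=500, ppid=1, image=r"C:\Windows\explorer.exe"),
    # The dropper, launched by the user from the desktop shell.
    Event(T(10), "process_create", pid=1000, ppid=500,
          image=r"C:\Users\test\Downloads\readme (2).exe",
          md5="08ab7f68c6b3a4a2a745cc244d41d213"),
    # It starts winver.exe, after which the dropper file disappears.
    Event(T(11), "process_create", pid=1100, ppid=1000,
          image=r"C:\Users\test\AppData\Roaming\winver.exe"),
    Event(T(12), "file_delete", pid=1100, target=r"C:\Users\test\Downloads\readme (2).exe"),
    Event(T(15), "net_connect", pid=1100, target="92.242.132.9:80"),
    # Benign noise: an editor cleaning up its own temp file, no child, no network.
    Event(T(20), "process_create", pid=1300, ppid=500, image=r"C:\Windows\System32\notepad.exe"),
    Event(T(21), "file_delete", pid=1300, target=r"C:\Users\test\AppData\Local\Temp\~note.tmp"),
    # Benign noise: an installer that launches its app, which goes online, but is never deleted.
    Event(T(30), "process_create", pid=1400, ppid=500, image=r"C:\Users\test\Downloads\setup.exe"),
    Event(T(31), "process_create", pid=1500, ppid=1400, image=r"C:\Program Files\App\app.exe"),
    Event(T(33), "net_connect", pid=1500, target="203.0.113.10:443"),
]


def find_dropper_chains(events: List[Event],
                        window: timedelta = timedelta(seconds=60)) -> List[Dict]:
    """Flag parent -> child pairs where the parent's image file is deleted within
    `window` of the child starting. The deleting process is deliberately not checked,
    because the post does not say whether readme (2).exe removes itself or winver.exe
    removes it. A network connection by the child inside the window is recorded if seen."""
    events = sorted(events, key=lambda e: e.ts)
    procs: Dict[int, Event] = {e.pid: e for e in events if e.kind == "process_create"}
    findings: List[Dict] = []
    for child in events:
        if child.kind != "process_create" or child.ppid not in procs:
            continue
        parent = procs[child.ppid]
        deadline = child.ts + window
        deleted: Optional[Event] = next(
            (e for e in events
             if e.kind == "file_delete"
             and child.ts <= e.ts <= deadline
             and e.target.lower() == parent.image.lower()),
            None)
        if deleted is None:
            continue
        conn: Optional[Event] = next(
            (e for e in events
             if e.kind == "net_connect" and e.pid == child.pid
             and child.ts <= e.ts <= deadline),
            None)
        findings.append({
            "dropper": parent.image,
            "child": child.image,
            "deleted_at": deleted.ts,
            "connects_to": conn.target if conn else None,
            "ioc_hash_match": parent.md5.lower() in TINBA_DROPPER_MD5,
        })
    return findings


if __name__ == "__main__":
    for hit in find_dropper_chains(SAMPLE_EVENTS):
        print(hit)
```

Run against the constructed timeline this reports exactly one chain, the readme (2).exe -> winver.exe pair with its 92.242.132.9 connection, and ignores both noise cases (a process deleting an unrelated temp file, and an installer whose image survives). Keying processes by bare PID is fine for a short constructed timeline but breaks on PID reuse in real telemetry; a production version should key on the sensor's process GUID and should also widen the match to the hash of the deleted file, since a dropper can be renamed trivially.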
  3. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    But the injection into web browsers can only occur AFTER the initial executable has been RUN...

    ...so anti-execution and policy restrictions will still block this piece of malware completely... :thumb:

    If that crap tried to automatically download and run on my computer, all I would see is an X-box message from group policy.
     
  4. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708