Researchers Present Tinba, 20KB Trojan Banker

Discussion in 'malware problems & news' started by Dermot7, May 31, 2012.

Thread Status:
Not open for further replies.
  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,332
    Location:
    Surrey, England.
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    @ Dermot7 Thanks for posting :thumb:

    Analysis - http://anubis.iseclab.org/?action=result&task_id=12b5685b5b5acd2b4e5d5093fc3479d87&format=html

    Noted from the above, DAKOTAVOLANDOS.COM

    Is it Chinese or Rusian or ?

    I managed to get hold of it & run it. As usual i had to first allow it, & then the other stuff it sporned, through ProcessGuard.

    readme (2).exe = MD5: 08ab7f68c6b3a4a2a745cc244d41d213 launches winver.exe then deletes readme (2).exe

    winver.exe then launches Version Reporter Applet which wanted out, so i allowed it. The funny thing is that it goes to IP 92.242.132.9 which is http://www.barefruit.com/background/error_resolution.php

    Not sure why that should be, ANY ideas ? And also my ISP's DNS.

    I didn't notice anything unusual in Anything, when typing in false info at RBS, & PrevxSafeOnline didn't blink, or detect it. One possible reason for nothing bad happening, was my FW blocked incoming. As my time on this was short, i didn't persue it.

    Here's some screenies

    z1.gif za1.gif

    za2.gif rbs.gif
     
    Last edited by a moderator: May 31, 2012
  3. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    But the injection into web browsers only can occur AFTER the initial executable has been RAN...

    ...so anti-execution and policy restrictions will still block this piece of malware completely... :thumb:

    If that crap tried to automatically download and run on my computer, all I would see is an X-box message from group policy.
     
  4. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    771
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.