Tinba - Trojan-banker detection ?

Tinba: World’s smallest trojan-banker

https://www.wilderssecurity.com/showthread.php?t=325210

Hi, my PSOL still not detecting this nasty today ?

Could you offer Any insight into the IP outbound, in the post above ?

TIA

 

PSO generically blocks its actions so there isn't a need to block the file itself, although I checked the MD5s and we are blocking it as of yesterday.

 

@ PrevxHelp

Hi, that's good to hear Though i havn't tested it yet.

I just scanned the folder with the 08ab7f68c6b3a4a2a745cc244d41d213 original nasty & the same but renamed readme (2).exe that i executed as in the other thread. NO detection here ?



The screenie just shows one of the scans, but both were identical !

Any info about the IP i mentioned ?

 

It's bad in our database but the SafeOnline version uses delayed rules to prevent FPs as it is meant to be silent to the user. I haven't looked closer at the IP address at this point.

 

@ PrevxHelp

First time i've heard that, considering ALL the previous tests i've done with PSOL !

As soon as you do, please let us know your impressions

When i said i hadn't tested it yet, i obviously did, i was thinking of another one, sorry for the slip up.