ioc[.]one - OSINT Cyber Threat Intelligence Database

May 31 - Tinba / Zusy - tiny banker trojan

Tags

country:	United States Of America
attack-pattern:	Data Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Man In The Browser - T1185

Show in Graph

Common Information

Type	Value
UUID	39da410b-b793-42fd-a568-e3f9964bc1c6
Fingerprint	95d28d7bec608b97
Analysis status	DONE
Considered CTI value	2
Text language
Published	June 6, 2012, 1:55 a.m.
Added to db	Sept. 26, 2022, 9:31 a.m.
Last updated	Nov. 17, 2024, 11:40 p.m.
Headline	UNKNOWN
Title	May 31 - Tinba / Zusy - tiny banker trojan
Detected Hints/Tags/Attributes	41/2/65

Source URLs

	Redirection	Url
Details	Source	http://contagiodump.blogspot.com/2012/06/amazon.html

URL Provider

Details	Provider	Source level domain
Details	blogspot.com	contagiodump.blogspot.com

Attributes

Details	Type	#Events	Value
Details	Domain	295	amazon.com
Details	Domain	1	dakotavolandos.com
Details	Domain	1	dak1otavola1ndos.com
Details	Domain	1	dako22tavol2andos.com
Details	Domain	1	d3akotav33olandos.com
Details	Domain	1	d4ak4otavolandos.com
Details	Domain	1	ce9483f6284903d8d76d60f1a96b3ade33c77ded0cac1d1c2dc8979879d6f91e.dak1otavola1ndos.com
Details	Domain	1	basdinopowadoar.com
Details	Domain	1	azonpowzanadinoar.com
Details	Domain	1	sbasdinopowadoar.com
Details	Domain	1	monsboys.biz
Details	Domain	1	uwyhbgwiechgi.com
Details	Domain	1	ieubietubviurb.com
Details	Domain	1	ns1.dns-diy.net
Details	Domain	1	ns2.dns-diy.net
Details	Domain	1	alfa-secure.com
Details	Domain	1	wizestreem.net
Details	Domain	1	denitraspetr.com
Details	Domain	1	donotstoptillu.com
Details	Domain	1	escapefgtyuoi.com
Details	Domain	1	spacepushhere.com
Details	Domain	1	tropikana-tour.com
Details	Domain	1	k-login.com
Details	Domain	1	jackeydu.com
Details	Domain	24	publicdomainregistry.com
Details	Domain	10	www.publicdomainregistry.com
Details	Email	1	admin@azonpowzanadinoar.com
Details	File	86	winver.exe
Details	File	1260	explorer.exe
Details	File	1122	svchost.exe
Details	File	533	ntdll.dll
Details	File	229	advapi32.dll
Details	File	130	ws2_32.dll
Details	File	291	user32.dll
Details	File	16	bin.exe
Details	File	1	cfg.dat
Details	File	1	web.dat
Details	File	1	wiecatinsu8.exe
Details	File	1	e7db4b0d0ef2804d9161670908697a93032a4c1809066d54ec6f9bcc8befa341.exe
Details	File	1206	index.php
Details	File	1	2fwygag.bin
Details	File	26	forum.php
Details	File	30	www.pub
Details	md5	1	c141be7ef8a49c2e8bda5e4a856386ac
Details	md5	1	6244604b4fe75b652c05a217ac90eeac
Details	md5	1	08ab7f68c6b3a4a2a745cc244d41d213
Details	md5	1	debfdbd33d6e4695877d0a789212c013
Details	md5	1	8e8cd6dc7759f4b74ec0bfa84db5b1a5
Details	md5	1	d1c13acddb7c13d0cf5a5c49e53a2906
Details	md5	1	b6991e7497a31fada9877907c63a5888
Details	md5	1	0e252ec52d7f4604d6b8894e479de233
Details	md5	1	b062be1e561c20b6fb829ad9a3303431
Details	md5	1	b4b9486d3eea4dc3b643b6bd89a4a67d
Details	sha256	1	078a122a9401dd47a61369ac769d9e707d9e86bdf7ad91708510b9a4584e8d49
Details	sha256	1	ce9483f6284903d8d76d60f1a96b3ade33c77ded0cac1d1c2dc8979879d6f91e
Details	sha256	1	8cc5050f513ed22780d4e85857a77a1fb2a3083d792cd550089b64e1d2ef58e9
Details	sha256	1	94e3fbcfb8d6f3fae34b1bc196c78082d35dc5a0084510c2c0b3ef38bc7b9cc2
Details	sha256	1	0505f7e556f5fa5624e763fb72a769eb73c497ef8f855d706a0203848fd41c24
Details	sha256	1	4144bc0bf25e55fbc65c1c03831ab1a82bc9cb267f8dd6264f5d0c55585ffd55
Details	sha256	1	09478bf4833505d3d7b66d4f30ccce6b9fde3ea51b9ccf6fdeadc008efba43d8
Details	sha256	1	e7db4b0d0ef2804d9161670908697a93032a4c1809066d54ec6f9bcc8befa341
Details	sha256	1	c33b7e2da7e7746950615f04bca55603f6c9082dd2352efe12173f408494c660
Details	sha256	1	ed09eee5ff1de74f7af7d9666a321726e745ef12c5766753b75c20c00ed6dd9b
Details	IPv4	1	31.186.103.29
Details	IPv4	1	195.210.47.230