Monday, August 20, 2018

Analysis of Tinba Malware (banker)


Overview

Our newWorld researcher spotted a malicious URL during threat hunting activity, so they began inspecting the host that was contacting the malicious domain. During the inspection they spotted an executable connecting to the malicious site. Our researcher collected the suspected file and copied it for analysis.

Specimen analysis

File type:      PE (Exe)
Hash (SHA 256): 092d20f9d0c805802da89a801ca11db56d1a31727cfd7b040b7ced5037ded18b
File Size:      133 KB


Compiler details

This sample was loaded in the debugger to understand its functionality. We spotted the ‘DragAcceptFiles’ function, which takes the handle of a window and registers whether that window will accept dropped files.

DragAcceptFiles
The sample performs process injection into explorer.exe, winver.exe, and other remote processes. We observed the following network traffic:



hxxp://brureservtestot(.)cc

This is the malicious URL we spotted during our threat hunting. Many vendors block it as a malicious site. We checked the hash of our specimen on VirusTotal and it was detected as the Tinba banker.
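
The checks a responder would run on another host to confirm the same indicators are shown below as an added PowerShell example; it is not part of the original post. The SHA-256 and the defanged domain are the ones reported above, the file path is a placeholder, and the cmdlets Get-DnsClientCache and Get-NetTCPConnection assume Windows 8 / Server 2012 or later.

```powershell
# Added example (not from the original post): host triage for the IoCs reported above.
# Hash and domain come from the post; $suspectPath is a placeholder to replace.

$iocSha256         = '092d20f9d0c805802da89a801ca11db56d1a31727cfd7b040b7ced5037ded18b'
$iocDomainDefanged = 'brureservtestot(.)cc'     # kept defanged, exactly as in the post
$suspectPath       = 'C:\path\to\suspect.exe'   # placeholder: the collected executable

# 1. Hash the collected file and compare it with the reported specimen hash.
if (Test-Path -Path $suspectPath) {
    $hash = (Get-FileHash -Path $suspectPath -Algorithm SHA256).Hash
    if ($hash -ieq $iocSha256) {
        "MATCH: $suspectPath has the SHA-256 of the reported Tinba specimen"
    } else {
        "No match for $suspectPath (SHA-256 $hash)"
    }
}

# 2. Look for the C2 domain in the DNS client cache. The "(.)" is undone only in
#    memory for the string comparison; nothing here resolves or contacts the domain.
$domain = $iocDomainDefanged -replace '\(\.\)', '.'
Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $_.Entry -like "*$domain*" } |
    Select-Object Entry, Data, TimeToLive

# 3. Established TCP connections owned by the injection targets named in the post.
#    winver.exe has no legitimate reason to hold a network connection, so any hit
#    from it is worth a closer look.
$targets = @('explorer', 'winver')
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $p -and ($targets -contains $p.Name)
    } |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningProcess
```

Run it in an elevated session so Get-NetTCPConnection can map connections to owning processes; a cached DNS entry or a connection from winver.exe is a reason to pull the host for a full memory capture rather than to clean it in place.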

Conclusion
Maintaining best security practices is the key to fighting this sort of malware. Keeping all security patches up to date is highly recommended.

Post by

Friday, August 17, 2018

Interesting facts (for Indians) on network switches

Network switches play an important role in enabling communication between the devices in a network. Switches manage the data across a computer network by forwarding each received frame to the intended device. Usually, switches function at the data link layer (layer 2), but some multilayer switches also process traffic at layer 3 of the OSI model.

One interesting fact for Indian readers is that the first multiport Ethernet switch was manufactured by a company called Kalpana in the year 1989. Kalpana was founded by Vinod Bhardwaj and Larry Blair in the 1980s, and the name Kalpana was chosen after Bhardwaj’s wife; it means imagination in Sanskrit. This innovation allowed Ethernet networks to operate faster and more easily. They also invented EtherChannel, which provides higher inter-switch bandwidth by running many links in parallel, a technique referred to as link aggregation.

If Kalpana pioneered switches and other network equipment manufacturing, then why has no one heard of Kalpana now?


Because the giant Cisco acquired Kalpana in the year 1994, and their achievements now sit in the shadow of Cisco.

Post by

Thursday, August 9, 2018

Outlook Mail Search Options are not working?

Overview
One of my friends came over to me asking for help because his Outlook search option was not working. I went to his desk and checked his laptop. The search option in the mailbox was disabled and greyed out. I resolved the problem, and the search option in Outlook started working fine. I thought it would be nice to share this with the newWorld team so they could post it on their site.

Solution
- First of all, close Outlook.
- Open the Services console (services.msc)
[To open it, first open the Run window and type services.msc]



- Go to the Windows Search service (refer to the snapshot)


- If the Windows Search service is not up and running, start it so that it is in the Running state.
- If Windows Search is running and its startup type is Automatic or Automatic (Delayed Start), the search option will work fine.

Now, open Outlook and check the search option; it will work fine!!!
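
The same steps, carried out from an elevated PowerShell prompt, as an added example that is not part of the original post. It assumes the Windows Search service under its real service name, WSearch, and Outlook running as the process OUTLOOK; nothing else on the machine is changed.

```powershell
# Added example (not from the original post): repair the Windows Search service that
# Outlook's mailbox search depends on. Run from an elevated PowerShell session.

$svcName = 'WSearch'   # service name shown as "Windows Search" in services.msc

# Step 1: close Outlook if it is still running, so it picks up the fixed service state.
Get-Process -Name OUTLOOK -ErrorAction SilentlyContinue | Stop-Process -Force

# Step 2: read the current state of the Windows Search service.
$svc = Get-Service -Name $svcName -ErrorAction Stop
Write-Host ("Before: status={0}, startup={1}" -f $svc.Status, $svc.StartType)

# Step 3: make sure the service starts with Windows. On Windows PowerShell 5.1 a
# service set to Automatic (Delayed Start) also reports 'Automatic' here, so that
# case is already correct and is left alone.
if ($svc.StartType -ne 'Automatic') {
    Set-Service -Name $svcName -StartupType Automatic
}

# Step 4: start the service if it is not running and wait until it reports Running.
if ($svc.Status -ne 'Running') {
    Start-Service -Name $svcName
    $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
}

# Step 5: show the repaired state, then reopen Outlook and try the search box.
Get-Service -Name $svcName | Select-Object Name, Status, StartType
```

If the service is Disabled, Set-Service changes it to Automatic before Start-Service runs; if Start-Service still fails, the search index itself may be corrupt, which is a separate fix from the service state covered here.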

Post by
newWorld


Operating system - Part 1:

 In our blog, we published several articles on OS concepts which mostly on the perspective for malware analysis/security research. In few in...