Resubmissions

21-01-2024 14:53

240121-r9d6ysead3 10

18-04-2023 10:19

230418-mclsbacf2v 10

General

  • Target

    fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe

  • Size

    1.1MB

  • Sample

    230418-mclsbacf2v

  • MD5

    530967fb3b7d9427552e4ac181a37b9a

  • SHA1

    41bcf469661ab9609a0d181953c2f8ffb75bb483

  • SHA256

    fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b

  • SHA512

    b81a447a994839a6858bab10eaa2c26aabaf3f73e7ffd2c70d27dfde5f11b35f5d153362277c046d47bcf9dc2d2b7c92d5805e89e633f9326306071abb213afa

  • SSDEEP

    24576:15swNmjEoujhn3wVPWJFwEQWV+u7h62TL:HouNVOEbcah6qL

Malware Config

Targets

    • Target

      fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b.exe

    • Size

      1.1MB

    • MD5

      530967fb3b7d9427552e4ac181a37b9a

    • SHA1

      41bcf469661ab9609a0d181953c2f8ffb75bb483

    • SHA256

      fb128dbd4e945574a2795c2089340467fcf61bb3232cc0886df98d86ff328d1b

    • SHA512

      b81a447a994839a6858bab10eaa2c26aabaf3f73e7ffd2c70d27dfde5f11b35f5d153362277c046d47bcf9dc2d2b7c92d5805e89e633f9326306071abb213afa

    • SSDEEP

      24576:15swNmjEoujhn3wVPWJFwEQWV+u7h62TL:HouNVOEbcah6qL

    • Detects Trigona ransomware

    • Trigona

      A ransomware first seen at the beginning of the 2022.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks