trigona | b49bf3a4baf637e067a8db7360051eba39713b7958519b49f8e236b6014c8477 | Triage

Submit
Reports

Overview

overview

Static

static

Trigona.exe

windows7-x64

Trigona.exe

windows10-2004-x64

Resubmissions

21-01-2024 14:53

240121-r9a5asead2 10

30-06-2023 14:46

230630-r492faee4v 10

Sharing

General

Target

Trigona.exe
Size

1.1MB
Sample

230630-r492faee4v
MD5

2c31a750240788f924ef64a2fb4fdf3b
SHA1

c9c6a7f911d16b49d8b838dca3683357b72c9d6d
SHA256

b49bf3a4baf637e067a8db7360051eba39713b7958519b49f8e236b6014c8477
SHA512

1e36c96110b793bfea2e65f6ff4c0e59a0a6b8f86395d7be6497be264954ab9b7c61d0adfa85dcef5ce69afe4b200b3ece82cbf089264f7d648eaaa53acbd50d
SSDEEP

12288:XRYqX7pdDWExBDmkYhiPJSA0IqOO2vBwRns2MqnuY/gtTyb7:hY6frxBDmkY+Jr0Iql2v4sx+uxtTyn

Score

10^/10

trigona discovery persistence ransomware

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Trigona.exe

Resource

win7-20230621-en

trigona ransomware

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

Trigona.exe

Resource

win10v2004-20230621-en

trigona discovery persistence ransomware

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  Trigona.exe
- Size
  
  1.1MB
- MD5
  
  2c31a750240788f924ef64a2fb4fdf3b
- SHA1
  
  c9c6a7f911d16b49d8b838dca3683357b72c9d6d
- SHA256
  
  b49bf3a4baf637e067a8db7360051eba39713b7958519b49f8e236b6014c8477
- SHA512
  
  1e36c96110b793bfea2e65f6ff4c0e59a0a6b8f86395d7be6497be264954ab9b7c61d0adfa85dcef5ce69afe4b200b3ece82cbf089264f7d648eaaa53acbd50d
- SSDEEP
  
  12288:XRYqX7pdDWExBDmkYhiPJSA0IqOO2vBwRns2MqnuY/gtTyb7:hY6frxBDmkY+Jr0Iql2v4sx+uxtTyn
Score

10^/10

trigona ransomware discovery persistence
- Detects Trigona ransomware
- Trigona
  A ransomware first seen at the beginning of the 2022.
  ransomware trigona
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

trigonaransomware

behavioral2

trigonadiscoverypersistenceransomware

© 2018-2024

Terms | Privacy