General
-
Target
fef96e503bb02c85e176305a0a42116eb9595c8c37151d3a740ed4a266694b5d.zip
-
Size
604KB
-
Sample
240121-r9h5xaead4
-
MD5
e2ac5bd327a6947d73edfeb9df1c3763
-
SHA1
64b32710fba76796f5bdf0b0d9c7ffb5a496c45c
-
SHA256
aa08618b8ae0911c647852bc52b98910d3b73f37a62706b31709352d11f36430
-
SHA512
bc46e644ed181b0c7f85d40e55939480e1b54f0c1fa5627ec6662e94da4e84632da279180f95dbd1cbe319621c1e3d22c40a47be6e1476732011c454f27802b8
-
SSDEEP
12288:mPKIMNVWxa/S21rNSMjDdFDiDEfqo0YUVJTEnmuXJwZcoMjN:mS7VWkairFvdti/9/tomuXJwZcoO
Malware Config
Targets
-
-
Target
fef96e503bb02c85e176305a0a42116eb9595c8c37151d3a740ed4a266694b5d
-
Size
1.8MB
-
MD5
d6a67c892e1092004a82a0c9c4bfdac4
-
SHA1
132a0696cca15a09aae1c8830b012d520a2647cb
-
SHA256
fef96e503bb02c85e176305a0a42116eb9595c8c37151d3a740ed4a266694b5d
-
SHA512
725f8b19300d8e34c518d35a979b562bed8a2f947093877b6aaa9332e37352a81a59ea9d8a2c2576043677ca0467c0af67670d79f18f0d7e391bf40ff059ea0c
-
SSDEEP
24576:Klt7hGgTTqGKw81ymxkamLsc7WXgIecdvi4T+u9t12:KhdTQxXwIecdvi4i0tE
Score10/10-
Detects Trigona ransomware
-
Trigona
A ransomware first seen at the beginning of the 2022.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Drops desktop.ini file(s)
-