trigona | 8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376 | Triage

Submit
Reports

Overview

overview

Static

static

8cbe32f31b...76.exe

windows7-x64

8cbe32f31b...76.exe

windows10-1703-x64

8cbe32f31b...76.exe

windows10-2004-x64

8cbe32f31b...76.exe

windows11-21h2-x64

Resubmissions

21-01-2024 14:53

240121-r9m4vsddhn 10

05-04-2023 12:55

230405-p5386seg66 10

Sharing

General

Target

8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376
Size

1.1MB
Sample

240121-r9m4vsddhn
MD5

eb9fdc083164c0cead39fecaad9aafb4
SHA1

19c8782165f56d4153658da5f88f9edd14ae2022
SHA256

8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376
SHA512

c4c54de23730f5265d29372c21f4f2212a0204f9b83d7fba5dacb0578fbe9f1c95e7521ff892364253f0cd8f4cfbf5befbef387af942714eb4b1b983b0258603
SSDEEP

24576:2Y5sZYIcpO4Y4w+xEjN7oQr+O+uvjx8t2mEdp:/Y4470JYj+kmEf

Score

10^/10

trigona discovery persistence ransomware spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe

Resource

win7-20231215-en

trigona persistence ransomware spyware stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe

Resource

win10-20231215-en

trigona discovery persistence ransomware

windows10-1703-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe

Resource

win10v2004-20231215-en

trigona discovery persistence ransomware spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral4

Sample

8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe

Resource

win11-20231215-en

trigona persistence ransomware spyware stealer

windows11-21h2-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376
- Size
  
  1.1MB
- MD5
  
  eb9fdc083164c0cead39fecaad9aafb4
- SHA1
  
  19c8782165f56d4153658da5f88f9edd14ae2022
- SHA256
  
  8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376
- SHA512
  
  c4c54de23730f5265d29372c21f4f2212a0204f9b83d7fba5dacb0578fbe9f1c95e7521ff892364253f0cd8f4cfbf5befbef387af942714eb4b1b983b0258603
- SSDEEP
  
  24576:2Y5sZYIcpO4Y4w+xEjN7oQr+O+uvjx8t2mEdp:/Y4470JYj+kmEf
Score

10^/10

trigona persistence ransomware spyware stealer discovery
- Detects Trigona ransomware
- Trigona
  A ransomware first seen at the beginning of the 2022.
  ransomware trigona
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Network Service Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

trigonapersistenceransomwarespywarestealer

behavioral2

trigonadiscoverypersistenceransomware

behavioral3

trigonadiscoverypersistenceransomwarespywarestealer

behavioral4

trigonapersistenceransomwarespywarestealer

© 2018-2024

Terms | Privacy