Overview

overview

10

Static

static

3

f64211b0a4...4e.exe

windows7-x64

10

f64211b0a4...4e.exe

windows10-1703-x64

10

f64211b0a4...4e.exe

windows10-2004-x64

10

f64211b0a4...4e.exe

windows11-21h2-x64

10

Resubmissions

21-01-2024 14:53

240121-r9tawaddhp 10

17-03-2023 06:39

230317-helswaef33 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e

  • Size

    1.1MB

  • Sample

    240121-r9tawaddhp

  • MD5

    e248e214c121845e69bbf266cc9e2853

  • SHA1

    683a1a845f0c2d0f358d62a450f710f960190f2f

  • SHA256

    f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e

  • SHA512

    d5a5968b079b2a561f2adeaa1cff9ba8e2faac242ef362894dde0b8f72ec725780da651950d06e2b019369f34dbbaf31a497440b4aabe7f8357f789bbdab9031

  • SSDEEP

    24576:KYxvmwliqDHWHVjdzuM7Br+e5rh+u7z7k:Zvmw3UjnrP9gQY

Score
10/10
trigonadiscoverypersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e

    • Size

      1.1MB

    • MD5

      e248e214c121845e69bbf266cc9e2853

    • SHA1

      683a1a845f0c2d0f358d62a450f710f960190f2f

    • SHA256

      f64211b0a49589bb53523dfb88eb9937ab88c8fcea98e2aabcbee90f1828e94e

    • SHA512

      d5a5968b079b2a561f2adeaa1cff9ba8e2faac242ef362894dde0b8f72ec725780da651950d06e2b019369f34dbbaf31a497440b4aabe7f8357f789bbdab9031

    • SSDEEP

      24576:KYxvmwliqDHWHVjdzuM7Br+e5rh+u7z7k:Zvmw3UjnrP9gQY

    Score
    10/10
    trigonapersistenceransomwarespywarestealerdiscovery

    • Trigona

      A ransomware first seen at the beginning of the 2022.

      ransomwaretrigona

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops desktop.ini file(s)

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

2
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Network Service Discovery

1
T1046

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks