Overview

overview

10

Static

static

10

704f1655ce...e2.exe

windows7-x64

10

704f1655ce...e2.exe

windows10-1703-x64

10

704f1655ce...e2.exe

windows10-2004-x64

10

704f1655ce...e2.exe

windows11-21h2-x64

10

Resubmissions

21-01-2024 14:54

240121-r9z4esdeaj 10

03-02-2023 07:15

230203-h3h2wscd88 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2

  • Size

    1.1MB

  • Sample

    240121-r9z4esdeaj

  • MD5

    67dd0708a2dcbe6b7661fd5eb4593ea7

  • SHA1

    3d496563984c73e129577da8ca87d3e823fdcce4

  • SHA256

    704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2

  • SHA512

    6dc6949196b6aa1e44564c955bf02b45e74247c23408e24fe206087725922dcb5cebb5db58635414313e6c96cfba26758919509ecd0e19832506069236dd9c21

  • SSDEEP

    24576:oYj5E9T+xHeQhNmYOnW8FQrbID+u9v1Qs:Z5E9LQvRrtSvB

Score
10/10
trigonadiscoverypersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2

    • Size

      1.1MB

    • MD5

      67dd0708a2dcbe6b7661fd5eb4593ea7

    • SHA1

      3d496563984c73e129577da8ca87d3e823fdcce4

    • SHA256

      704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2

    • SHA512

      6dc6949196b6aa1e44564c955bf02b45e74247c23408e24fe206087725922dcb5cebb5db58635414313e6c96cfba26758919509ecd0e19832506069236dd9c21

    • SSDEEP

      24576:oYj5E9T+xHeQhNmYOnW8FQrbID+u9v1Qs:Z5E9LQvRrtSvB

    Score
    10/10
    trigonapersistenceransomwarespywarestealerdiscovery

    • Detects Trigona ransomware

    • Trigona

      A ransomware first seen at the beginning of the 2022.

      ransomwaretrigona

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops desktop.ini file(s)

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

2
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Network Service Discovery

1
T1046

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks