General

  • Target

    704f1.exe

  • Size

    1.1MB

  • Sample

    240212-xjl2rscf83

  • MD5

    67dd0708a2dcbe6b7661fd5eb4593ea7

  • SHA1

    3d496563984c73e129577da8ca87d3e823fdcce4

  • SHA256

    704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2

  • SHA512

    6dc6949196b6aa1e44564c955bf02b45e74247c23408e24fe206087725922dcb5cebb5db58635414313e6c96cfba26758919509ecd0e19832506069236dd9c21

  • SSDEEP

    24576:oYj5E9T+xHeQhNmYOnW8FQrbID+u9v1Qs:Z5E9LQvRrtSvB

Malware Config

Targets

    • Target

      704f1.exe

    • Size

      1.1MB

    • MD5

      67dd0708a2dcbe6b7661fd5eb4593ea7

    • SHA1

      3d496563984c73e129577da8ca87d3e823fdcce4

    • SHA256

      704f1655ce9127d7aab6d82660b48a127b5f00cadd7282acb03c440f21dae5e2

    • SHA512

      6dc6949196b6aa1e44564c955bf02b45e74247c23408e24fe206087725922dcb5cebb5db58635414313e6c96cfba26758919509ecd0e19832506069236dd9c21

    • SSDEEP

      24576:oYj5E9T+xHeQhNmYOnW8FQrbID+u9v1Qs:Z5E9LQvRrtSvB

    • Detects Trigona ransomware

    • Trigona

      A ransomware first seen at the beginning of the 2022.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks