trigona | 92241867812099edddb6061a00d36b49268a1c54524833427f2a2aa967f183ae | Triage

Resubmissions

12-02-2024 19:56

240212-ynry9ada64 10

12-02-2024 19:35

240212-yazryabb7s 10

23-01-2024 03:08

240123-dnenpsfccr 10

Sharing

General

Target

c28b33f7365f9dc72cc291d13458f334.bin
Size

186KB
Sample

240212-ynry9ada64
MD5

6978dc767080803578ed1d6018b44c99
SHA1

74b52d7e5b92bc802ffa864adbf7483043128e32
SHA256

92241867812099edddb6061a00d36b49268a1c54524833427f2a2aa967f183ae
SHA512

748ea100bcfe4b641197548384f179226663698832bebe630d34e65cb2fdf07d4b69b1447c5fe2ab9cf13f55eee3b5fd7050a07ec9364eac4cd16565ccdb1973
SSDEEP

3072:ZhFH8BnrxFgYsm2fz7mfZyM82++UUW8D455cFKxUrs2C8MS0ISgCyqXP8bRl/lIJ:Zhl851Iz7mwM82lUB55cFQMrC8b0PgCD

Score

10^/10

trigona discovery persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  85f4088286ac1eedc94ad9dc6465e9e4b89d1cde3012f9949450fcc9f2b60431.exe
- Size
  
  342KB
- MD5
  
  c28b33f7365f9dc72cc291d13458f334
- SHA1
  
  b4ad79b2800a6540f1c460ce6220a4ebb551a18b
- SHA256
  
  85f4088286ac1eedc94ad9dc6465e9e4b89d1cde3012f9949450fcc9f2b60431
- SHA512
  
  3bb9e234da571093c05e21b4ffdfa7ceb9d6f95a33a07e39260a974fdc19dfc7ba72e7f9a579ec45585857d5d543ff99a535b479cf77629858c3cfa1c824e46f
- SSDEEP
  
  6144:Gx2QdiglMFGfzIBeZO8Wf2cMRsCO/xZqqDLuz+4pQoL27aR9:GAQsgScEydsCJqnuq4z2mR9
Score

10^/10

trigona discovery persistence ransomware spyware stealer
- Trigona
  A ransomware first seen at the beginning of the 2022.
  ransomware trigona
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops desktop.ini file(s)
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Network Service Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

trigonadiscoverypersistenceransomwarespywarestealer