Resubmissions

12-02-2024 19:56

240212-ynry9ada64 10

12-02-2024 19:35

240212-yazryabb7s 10

23-01-2024 03:08

240123-dnenpsfccr 10

General

  • Target

    c28b33f7365f9dc72cc291d13458f334.bin

  • Size

    186KB

  • Sample

    240212-ynry9ada64

  • MD5

    6978dc767080803578ed1d6018b44c99

  • SHA1

    74b52d7e5b92bc802ffa864adbf7483043128e32

  • SHA256

    92241867812099edddb6061a00d36b49268a1c54524833427f2a2aa967f183ae

  • SHA512

    748ea100bcfe4b641197548384f179226663698832bebe630d34e65cb2fdf07d4b69b1447c5fe2ab9cf13f55eee3b5fd7050a07ec9364eac4cd16565ccdb1973

  • SSDEEP

    3072:ZhFH8BnrxFgYsm2fz7mfZyM82++UUW8D455cFKxUrs2C8MS0ISgCyqXP8bRl/lIJ:Zhl851Iz7mwM82lUB55cFQMrC8b0PgCD

Malware Config

Targets

    • Target

      85f4088286ac1eedc94ad9dc6465e9e4b89d1cde3012f9949450fcc9f2b60431.exe

    • Size

      342KB

    • MD5

      c28b33f7365f9dc72cc291d13458f334

    • SHA1

      b4ad79b2800a6540f1c460ce6220a4ebb551a18b

    • SHA256

      85f4088286ac1eedc94ad9dc6465e9e4b89d1cde3012f9949450fcc9f2b60431

    • SHA512

      3bb9e234da571093c05e21b4ffdfa7ceb9d6f95a33a07e39260a974fdc19dfc7ba72e7f9a579ec45585857d5d543ff99a535b479cf77629858c3cfa1c824e46f

    • SSDEEP

      6144:Gx2QdiglMFGfzIBeZO8Wf2cMRsCO/xZqqDLuz+4pQoL27aR9:GAQsgScEydsCJqnuq4z2mR9

    • Trigona

      A ransomware family first seen at the beginning of 2022.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks