Overview

overview

10

Static

static

10

sample.exe

windows7-x64

10

sample.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f29b948905449f330d2e5070d767d0dac4837d0b566eee28282dc78749083684.bin.sample.gz

  • Size

    463KB

  • Sample

    240228-nd46qaab96

  • MD5

    38d7b001902a6f641970a53c4aae5e73

  • SHA1

    4355193f030c10f38d45f96e8c77f74cf77eeeec

  • SHA256

    6536e3bb233f6543926b15c4872b269ae4756d1bf8475e66272e296242c3b86d

  • SHA512

    b7beab98f20b803ddfcd23c3732defe2fa1656f37fa45a0e33ec8d337f7ba9fa7283459bd609db05b5851c63de0557f7639711509cdea5fbc2ebb72940aafbce

  • SSDEEP

    6144:790uDzXr0G07K9IeBsFHbAH1a8rWSu60aS3ndGdw8LI6XzWu5eL7ypGW5vorIMN4:Wu/7F5IeiF7AH7Q603ndG1dzWX3Kfm4

Score
10/10
trigonadiscoverypersistenceransomware

Malware Config

Targets

    • Target

      sample

    • Size

      1.1MB

    • MD5

      27175ea8cbe46ff37de5f88c3bb914af

    • SHA1

      5132fd07a623dfeffbb7448531e2ba8baa91b144

    • SHA256

      f29b948905449f330d2e5070d767d0dac4837d0b566eee28282dc78749083684

    • SHA512

      9902c6c6ddf50848f27cb9aae23a53ae976bf4959fe48eab8ef099dc03cad56310ce031e74ea53017ce01fa456b030b214f0760576821a4e1efe20b6e854970f

    • SSDEEP

      24576:n5shvRvrJpGinVvvr9snyoYo+uk8jfLRmb:kZGG6nILifLR+

    Score
    10/10
    trigonapersistenceransomwarediscovery

    • Detects Trigona ransomware

    • Trigona

      A ransomware first seen at the beginning of the 2022.

      ransomwaretrigona

    • Adds Run key to start application

      persistence

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks