General

  • Target

    761b78ddab55b4e561607ce5ce9d424a7aec4f1994aad988f0612b096cdd1d6d.bin.sample.gz

  • Size

    463KB

  • Sample

    240228-necg4aac8z

  • MD5

    05f083e7858bbebb9d3cc985e2b997a0

  • SHA1

    61411c1975d35acca8b3f4b20908924b3f7b140d

  • SHA256

    921953c7c080fbf1d4da4f0966a755e81228d2e0ccb127f206b176f6c3434f70

  • SHA512

    7cec4b20450be57a707cdc38f759cbc49976e3d790890c0db3b23f02d88d05716fb00c93e0dd10b45466450e0d1d2aff07fc38618338225c7e8191d52053e688

  • SSDEEP

    12288:8A/xjYZK8Djx4nM7y43mmnOO8DQmbD18tqOi7Q:b/iXjx4CmmnOOkF8tIQ

Malware Config

Targets

    • Target

      sample

    • Size

      1.1MB

    • MD5

      cd215489a03871eaac431180546f162e

    • SHA1

      acb517dc5ec2376176cc3116bebfdf71d314663b

    • SHA256

      761b78ddab55b4e561607ce5ce9d424a7aec4f1994aad988f0612b096cdd1d6d

    • SHA512

      124821f7d1860a513bc3c51a8f11bc0134877930f5bc46c4675a7d407b8523ae5c4cb596cf6c72ace9dd50245910c71eda216b1169a53e458e8e8bd378059892

    • SSDEEP

      12288:HRYqX7pdDWExBDmkYhiPJSA0IqOO2vBwRns2MqnuY/gtTy7FXu9:xY6frxBDmkY+Jr0Iql2v4sx+uxtTyp+9

    • Detects Trigona ransomware

    • Trigona

      A ransomware family first seen at the beginning of 2022.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    T1547 Boot or Logon Autostart Execution (1)
    T1547.001 Registry Run Keys / Startup Folder (1)

  • Privilege Escalation

    T1547 Boot or Logon Autostart Execution (1)
    T1547.001 Registry Run Keys / Startup Folder (1)

  • Defense Evasion

    T1112 Modify Registry (1)

Tasks