trigona | 1c18ce93ce0c1ea0b0838da892dd33af031db3caf49e215dc3beb2c398c09508 | Triage

Sharing

General

Target

connhost.exe
Size

487KB
Sample

240307-hag9wsfa39
MD5

b2207b0c5793df85dd216dfbf9c2315d
SHA1

928d151e3508a3e180ff3b27af5e12d5eb9bf28b
SHA256

1c18ce93ce0c1ea0b0838da892dd33af031db3caf49e215dc3beb2c398c09508
SHA512

80c747a361a7c8b1bccea1233ee89aad603e6734451294743a67df325326cd4680f8bf1e6a74a077d3654cb061e907d3dcd2678a05a273dea486cd815c756b9e
SSDEEP

12288:VBtSRhdCEVTdbyMhXPT4WYqnuDOzA3AgDB:VBt6MUyMhb49+uDO0QgDB

Score

10^/10

trigona ransomware spyware stealer

Malware Config

Targets

- Target
  
  connhost.exe
- Size
  
  487KB
- MD5
  
  b2207b0c5793df85dd216dfbf9c2315d
- SHA1
  
  928d151e3508a3e180ff3b27af5e12d5eb9bf28b
- SHA256
  
  1c18ce93ce0c1ea0b0838da892dd33af031db3caf49e215dc3beb2c398c09508
- SHA512
  
  80c747a361a7c8b1bccea1233ee89aad603e6734451294743a67df325326cd4680f8bf1e6a74a077d3654cb061e907d3dcd2678a05a273dea486cd815c756b9e
- SSDEEP
  
  12288:VBtSRhdCEVTdbyMhXPT4WYqnuDOzA3AgDB:VBt6MUyMhb49+uDO0QgDB
Score

10^/10

trigona ransomware spyware stealer
- Trigona
  A ransomware first seen at the beginning of the 2022.
  ransomware trigona
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

trigonaransomwarespywarestealer

behavioral2

trigonaransomware