General

  • Target

    connhost.exe

  • Size

    487KB

  • Sample

    240307-hag9wsfa39

  • MD5

    b2207b0c5793df85dd216dfbf9c2315d

  • SHA1

    928d151e3508a3e180ff3b27af5e12d5eb9bf28b

  • SHA256

    1c18ce93ce0c1ea0b0838da892dd33af031db3caf49e215dc3beb2c398c09508

  • SHA512

    80c747a361a7c8b1bccea1233ee89aad603e6734451294743a67df325326cd4680f8bf1e6a74a077d3654cb061e907d3dcd2678a05a273dea486cd815c756b9e

  • SSDEEP

    12288:VBtSRhdCEVTdbyMhXPT4WYqnuDOzA3AgDB:VBt6MUyMhb49+uDO0QgDB

Malware Config

Targets

    • Target

      connhost.exe

    • Size

      487KB

    • MD5

      b2207b0c5793df85dd216dfbf9c2315d

    • SHA1

      928d151e3508a3e180ff3b27af5e12d5eb9bf28b

    • SHA256

      1c18ce93ce0c1ea0b0838da892dd33af031db3caf49e215dc3beb2c398c09508

    • SHA512

      80c747a361a7c8b1bccea1233ee89aad603e6734451294743a67df325326cd4680f8bf1e6a74a077d3654cb061e907d3dcd2678a05a273dea486cd815c756b9e

    • SSDEEP

      12288:VBtSRhdCEVTdbyMhXPT4WYqnuDOzA3AgDB:VBt6MUyMhb49+uDO0QgDB

    • Trigona

      A ransomware first seen at the beginning of the 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix ATT&CK v13

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Collection

Data from Local System

1
T1005

Tasks