General
-
Target
8aa579b40f9c86c9c24726485528aafac4414257fc854feb6dbcad11222405dd.exe
-
Size
1.8MB
-
Sample
250212-gw7agazrdn
-
MD5
f58df2bfe9029301131370a318628026
-
SHA1
7813d093aa269732bd0e2aee134833a02140e0a2
-
SHA256
8aa579b40f9c86c9c24726485528aafac4414257fc854feb6dbcad11222405dd
-
SHA512
a9d7c34ff48e3b1fb3d0e73913b8a9abe8af7921bd1f5187350bea6c519e84d151a1aefaca1db099258c44c5e39794cfc1a51454b790942a5b9d1abedf751a65
-
SSDEEP
24576:1lJVdhsvTiGPfLSSbxwJMLsc7RogFX/g6dbo+uTjlpwXYz:FhiT52cfFX/g6dbLqMm
Malware Config
Targets
-
-
Target
8aa579b40f9c86c9c24726485528aafac4414257fc854feb6dbcad11222405dd.exe
-
Size
1.8MB
-
MD5
f58df2bfe9029301131370a318628026
-
SHA1
7813d093aa269732bd0e2aee134833a02140e0a2
-
SHA256
8aa579b40f9c86c9c24726485528aafac4414257fc854feb6dbcad11222405dd
-
SHA512
a9d7c34ff48e3b1fb3d0e73913b8a9abe8af7921bd1f5187350bea6c519e84d151a1aefaca1db099258c44c5e39794cfc1a51454b790942a5b9d1abedf751a65
-
SSDEEP
24576:1lJVdhsvTiGPfLSSbxwJMLsc7RogFX/g6dbo+uTjlpwXYz:FhiT52cfFX/g6dbLqMm
Score10/10-
Detects Trigona ransomware
-
Trigona
A ransomware first seen at the beginning of the 2022.
-
Trigona family
-
Downloads MZ/PE file
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1