Overview

overview

10

Static

static

3

1c18ce93ce...08.exe

windows7-x64

10

1c18ce93ce...08.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1c18ce93ce0c1ea0b0838da892dd33af031db3caf49e215dc3beb2c398c09508.exe

  • Size

    487KB

  • Sample

    250212-h86p5ssjal

  • MD5

    b2207b0c5793df85dd216dfbf9c2315d

  • SHA1

    928d151e3508a3e180ff3b27af5e12d5eb9bf28b

  • SHA256

    1c18ce93ce0c1ea0b0838da892dd33af031db3caf49e215dc3beb2c398c09508

  • SHA512

    80c747a361a7c8b1bccea1233ee89aad603e6734451294743a67df325326cd4680f8bf1e6a74a077d3654cb061e907d3dcd2678a05a273dea486cd815c756b9e

  • SSDEEP

    12288:VBtSRhdCEVTdbyMhXPT4WYqnuDOzA3AgDB:VBt6MUyMhb49+uDO0QgDB

Score
10/10
trigonacredential_accessdiscoveryransomwarespywarestealer

Malware Config

Targets

    • Target

      1c18ce93ce0c1ea0b0838da892dd33af031db3caf49e215dc3beb2c398c09508.exe

    • Size

      487KB

    • MD5

      b2207b0c5793df85dd216dfbf9c2315d

    • SHA1

      928d151e3508a3e180ff3b27af5e12d5eb9bf28b

    • SHA256

      1c18ce93ce0c1ea0b0838da892dd33af031db3caf49e215dc3beb2c398c09508

    • SHA512

      80c747a361a7c8b1bccea1233ee89aad603e6734451294743a67df325326cd4680f8bf1e6a74a077d3654cb061e907d3dcd2678a05a273dea486cd815c756b9e

    • SSDEEP

      12288:VBtSRhdCEVTdbyMhXPT4WYqnuDOzA3AgDB:VBt6MUyMhb49+uDO0QgDB

    Score
    10/10
    trigonaransomwarecredential_accessdiscoveryspywarestealer

    • Trigona

      A ransomware first seen at the beginning of the 2022.

      ransomwaretrigona

    • Trigona family

      trigona

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

      credential_accessstealer

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks