troldesh | 9b6667e567a5d2b86082ec3048a2f08d8f081f09049b2f2a932cfd803edbc063 | Triage

Submit
Reports

Overview

overview

Static

static

3

476c9e54ae...18.exe

windows7-x64

476c9e54ae...18.exe

windows10-2004-x64

Sharing

General

Target

476c9e54aedbb3b83958f212f6d5fe03_JaffaCakes118
Size

1003KB
Sample

240515-wxqfnsdb4y
MD5

476c9e54aedbb3b83958f212f6d5fe03
SHA1

86afd5ed5694152a20d5338b3acc620ac847b297
SHA256

9b6667e567a5d2b86082ec3048a2f08d8f081f09049b2f2a932cfd803edbc063
SHA512

e89b57ba269ae16f1521e2c5efa21901b4913a52c91e13e1b404521d8e5ddcbf016097539d750f81097cf3e94b0a1e3d16713c55dfe5449c819021f3db4df761
SSDEEP

24576:IU+qLI7gShrUm7sNEJAwCIMRTbsfoIQK/Gyc7BcGh7:x+j9JUl2sRTgfoIQqvc7BcGJ

Score

10^/10

troldesh persistence ransomware trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

476c9e54aedbb3b83958f212f6d5fe03_JaffaCakes118.exe

Resource

win7-20240221-en

troldesh persistence ransomware trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

476c9e54aedbb3b83958f212f6d5fe03_JaffaCakes118.exe

Resource

win10v2004-20240508-en

troldesh persistence ransomware trojan upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  476c9e54aedbb3b83958f212f6d5fe03_JaffaCakes118
- Size
  
  1003KB
- MD5
  
  476c9e54aedbb3b83958f212f6d5fe03
- SHA1
  
  86afd5ed5694152a20d5338b3acc620ac847b297
- SHA256
  
  9b6667e567a5d2b86082ec3048a2f08d8f081f09049b2f2a932cfd803edbc063
- SHA512
  
  e89b57ba269ae16f1521e2c5efa21901b4913a52c91e13e1b404521d8e5ddcbf016097539d750f81097cf3e94b0a1e3d16713c55dfe5449c819021f3db4df761
- SSDEEP
  
  24576:IU+qLI7gShrUm7sNEJAwCIMRTbsfoIQK/Gyc7BcGh7:x+j9JUl2sRTgfoIQqvc7BcGJ
Score

10^/10

troldesh persistence ransomware trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

troldeshpersistenceransomwaretrojanupx

behavioral2

troldeshpersistenceransomwaretrojanupx

© 2018-2024

Terms | Privacy