General

  • Target

    e5093e304a50d34cdf67ee8e49713c6131d6740e664ea49d9c98682336e3141a

  • Size

    1.2MB

  • Sample

    220201-dqnz6agdc2

  • MD5

    78be5b87f4282ad396ba0cdb3219a8c4

  • SHA1

    2b07c58af5ae103c9b4745c948cabc36cd12d97c

  • SHA256

    e5093e304a50d34cdf67ee8e49713c6131d6740e664ea49d9c98682336e3141a

  • SHA512

    9539b3ad5c65243b13d2dcc7ef98599e50cac742d5c097f4305d5de025b0c8cb8c7af579ffb533f67517c6c01d8a18b5e42a6030ce3b5d535362efbe62d784b7

Targets

    • Target

      e5093e304a50d34cdf67ee8e49713c6131d6740e664ea49d9c98682336e3141a

    • Troldesh, Shade, Encoder.858

      Troldesh is ransomware spread by malspam.

    • Sets service image path in registry

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
