troldesh | 5013dc9e2ddbe9ddd90af638466379f876b70ebe504d62e72ed166480a4d4f83 | Triage

Resubmissions

07-04-2024 03:03

240407-dkgnwsca25 10

07-04-2024 03:03

240407-dj9y2sbd8v 10

07-04-2024 03:03

240407-dj6avsbd71 10

07-04-2024 03:02

240407-djy7jsbd7s 10

01-02-2022 06:57

220201-hqya2sadfl 10

Sharing

General

Target

5013dc9e2ddbe9ddd90af638466379f876b70ebe504d62e72ed166480a4d4f83
Size

1.3MB
Sample

220201-hqya2sadfl
MD5

e2b8c884e9a91430ca6666f06aedf42e
SHA1

805a1193f029840c1a2fc057942b72e5fb93dffd
SHA256

5013dc9e2ddbe9ddd90af638466379f876b70ebe504d62e72ed166480a4d4f83
SHA512

49922bd870dfb1296bc689e5abc8235f82d565db3a06544d6fc6974bf6611dfc73873018c4ebfb878d45633fb08565079b02a36e849e47809addb1bd2118aaad

Score

10^/10

troldesh discovery persistence ransomware trojan upx

Malware Config

Targets

- Target
  
  5013dc9e2ddbe9ddd90af638466379f876b70ebe504d62e72ed166480a4d4f83
- Size
  
  1.3MB
- MD5
  
  e2b8c884e9a91430ca6666f06aedf42e
- SHA1
  
  805a1193f029840c1a2fc057942b72e5fb93dffd
- SHA256
  
  5013dc9e2ddbe9ddd90af638466379f876b70ebe504d62e72ed166480a4d4f83
- SHA512
  
  49922bd870dfb1296bc689e5abc8235f82d565db3a06544d6fc6974bf6611dfc73873018c4ebfb878d45633fb08565079b02a36e849e47809addb1bd2118aaad
Score

10^/10

troldesh discovery persistence ransomware trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

troldeshdiscoverypersistenceransomwaretrojanupx

behavioral2