Overview

overview

10

Static

static

12352cb3fc...b2.exe

windows7_x64

10

12352cb3fc...b2.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    12352cb3fcd048e8b8dc1efe47e0a70456e1ef9d17724201dcfe70ad500c39b2

  • Size

    1.2MB

  • Sample

    220603-12leqsafbr

  • MD5

    cf7ea57a75432d8e13f70aeb795a1158

  • SHA1

    6a54de0ce4a1bae5de76608a09764103b3116656

  • SHA256

    12352cb3fcd048e8b8dc1efe47e0a70456e1ef9d17724201dcfe70ad500c39b2

  • SHA512

    16e08d4c88679ae67f91160a5c95f960080acef95f83179b155ca8dc466886c331d402e4b5fda128c9b9d50a7838e6472a29d93bad5b0c4175b3beb3d65fcfd4

Score
10/10
troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

Malware Config

Targets

    • Target

      12352cb3fcd048e8b8dc1efe47e0a70456e1ef9d17724201dcfe70ad500c39b2

    • Size

      1.2MB

    • MD5

      cf7ea57a75432d8e13f70aeb795a1158

    • SHA1

      6a54de0ce4a1bae5de76608a09764103b3116656

    • SHA256

      12352cb3fcd048e8b8dc1efe47e0a70456e1ef9d17724201dcfe70ad500c39b2

    • SHA512

      16e08d4c88679ae67f91160a5c95f960080acef95f83179b155ca8dc466886c331d402e4b5fda128c9b9d50a7838e6472a29d93bad5b0c4175b3beb3d65fcfd4

    Score
    10/10
    troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

    • Troldesh, Shade, Encoder.858

      Troldesh is a ransomware spread by malspam.

      ransomwaretrojantroldesh

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks