General
-
Target
f056fc666d085aa67366bab1f4571cfdcb05535c129cc811925d72b337204e36
-
Size
915KB
-
Sample
220724-he64tabae6
-
MD5
bd9018eef261652777c1f1f60abebdbb
-
SHA1
d30de4c0dffea752c8fe5bc0d86c4b1eba316c99
-
SHA256
f056fc666d085aa67366bab1f4571cfdcb05535c129cc811925d72b337204e36
-
SHA512
e7c1b2f81d59d435f12c123cdf256917fc47764e624e0a4d2b8daf4fd09b47cc427cad0134a6f97bf2dc88c1472990b856fd284d27307661eebb35e255852ebb
Malware Config
Targets
-
-
Target
f056fc666d085aa67366bab1f4571cfdcb05535c129cc811925d72b337204e36
-
Size
915KB
-
MD5
bd9018eef261652777c1f1f60abebdbb
-
SHA1
d30de4c0dffea752c8fe5bc0d86c4b1eba316c99
-
SHA256
f056fc666d085aa67366bab1f4571cfdcb05535c129cc811925d72b337204e36
-
SHA512
e7c1b2f81d59d435f12c123cdf256917fc47764e624e0a4d2b8daf4fd09b47cc427cad0134a6f97bf2dc88c1472990b856fd284d27307661eebb35e255852ebb
Score10/10-
Troldesh, Shade, Encoder.858
Troldesh is a ransomware spread by malspam.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-