Overview

overview

10

Static

static

1

Scans0111.scr

windows7-x64

10

Scans0111.scr

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    58c03b92235ba0a4d6f397b6ae17d2971575f09f05ecae397d86111f5c2da337

  • Size

    901KB

  • Sample

    220724-he8bwabae7

  • MD5

    114c86f4f31d0f601161ab7a7058705f

  • SHA1

    edbf0f37a527aa52e5b9566047313771ebb724e7

  • SHA256

    58c03b92235ba0a4d6f397b6ae17d2971575f09f05ecae397d86111f5c2da337

  • SHA512

    b618acc5cd1c49ba6f14ed4e5221cfa2bccd1aabbe00b81d484dcf0290b45c1abd73b69231602c3c5fac3742116305df90fca0c8510d6c599220e31059f46138

Score
10/10
troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

Malware Config

Targets

    • Target

      Scans0111.scr

    • Size

      915KB

    • MD5

      bd9018eef261652777c1f1f60abebdbb

    • SHA1

      d30de4c0dffea752c8fe5bc0d86c4b1eba316c99

    • SHA256

      f056fc666d085aa67366bab1f4571cfdcb05535c129cc811925d72b337204e36

    • SHA512

      e7c1b2f81d59d435f12c123cdf256917fc47764e624e0a4d2b8daf4fd09b47cc427cad0134a6f97bf2dc88c1472990b856fd284d27307661eebb35e255852ebb

    Score
    10/10
    troldeshdiscoverypersistenceransomwaretrojanupxspywarestealer

    • Troldesh, Shade, Encoder.858

      Troldesh is a ransomware spread by malspam.

      ransomwaretrojantroldesh

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks