General

  • Target

    6122e3767cd08da9e465a6651784440863cf847a51a588d7e5f95a3000ee72cc

  • Size

    1.1MB

  • Sample

    220724-ybxc7sdgg9

  • MD5

    b16d0f83bf1d7b24c3b2d97687a99c8e

  • SHA1

    0d0c68df9b913e807c07b80dd9e6c2ddd9670490

  • SHA256

    6122e3767cd08da9e465a6651784440863cf847a51a588d7e5f95a3000ee72cc

  • SHA512

    cc2ccc477d4c4c6180a7abc0ed1907bdd3ff988bd40782b4e097400c9637e5d5cd2fb18c851cb8b816af4c1f800f0fd01c84adcc8d48c515415f159661482a1b

Malware Config

Targets

    • Troldesh, Shade, Encoder.858

      Troldesh is a ransomware spread by malspam.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                             Count   ID
  Persistence         Registry Run Keys / Startup Folder    1       T1060
  Defense Evasion     Modify Registry                       1       T1112
  Credential Access   Credentials in Files                  1       T1081
  Discovery           Query Registry                        1       T1012
  Discovery           System Information Discovery          1       T1082
  Collection          Data from Local System                1       T1005

Tasks