General

  • Target

    de6636da2635e77c29d6c1cbe4d7861607591faa1aa288d9f402711b6f54b6d9

  • Size

    1.2MB

  • Sample

    220725-e5rv2aegb8

  • MD5

    fcaab297c413cb5c061656ecda75d004

  • SHA1

    cc79377e1ae8a21e1debaf524e721875a9afc58a

  • SHA256

    de6636da2635e77c29d6c1cbe4d7861607591faa1aa288d9f402711b6f54b6d9

  • SHA512

    3024c7aaf052bfbb3a7286ab81808a62f166fe928f1e5a2e57ded397602600fa2305a009233075d6c7d72a3767fbd5b6daefa0df844b222dbbdbe54ae96b48d0

Malware Config

Targets

    • Troldesh, Shade, Encoder.858

      Troldesh is ransomware spread by malspam.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060), count 1

  • Defense Evasion

    Modify Registry (T1112), count 1

  • Credential Access

    Credentials in Files (T1081), count 1

  • Discovery

    Query Registry (T1012), count 1

    System Information Discovery (T1082), count 1

  • Collection

    Data from Local System (T1005), count 1
