troldesh | 6187435f5d957c360897714583a05bb8c3afe85e66e44c224208759de8efee85 | Triage

Submit
Reports

Overview

overview

Static

static

?????? ???...??.jse

windows7-x64

?????? ???...??.jse

windows10-2004-x64

Sharing

General

Target

6187435f5d957c360897714583a05bb8c3afe85e66e44c224208759de8efee85
Size

3KB
Sample

220730-zpr63sfgd2
MD5

a865af0028d70ca4dbe61af35550bfad
SHA1

6068db9e8582dfcf349e48e0348b6f3906b6a00d
SHA256

6187435f5d957c360897714583a05bb8c3afe85e66e44c224208759de8efee85
SHA512

3238dd2b609306642b430eaa229d3066ac80a2a8787c0af4ab02ae901f91cc567b5decc7d953511d8158c4ec3f7cd4239a368b7afdb3ff75b1a4cbd1aef26d9a

Score

10^/10

troldesh discovery persistence ransomware trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

?????? ???????? ??? ??????????? ??????.jse

Resource

win7-20220718-en

troldesh discovery persistence ransomware trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

?????? ???????? ??? ??????????? ??????.jse

Resource

win10v2004-20220721-en

troldesh discovery persistence ransomware trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  ?????? ???????? ??? ??????????? ??????.jse
- Size
  
  6KB
- MD5
  
  7f444d2090858fcad35635ee6685312f
- SHA1
  
  a9c5f6daa1eac9219f04f8f0cca8f32722a70f89
- SHA256
  
  ab366fefa8d58d3a255320e56fa1be56dbc3e22fbbe583fe213f6df1da113b3c
- SHA512
  
  752e15f9ca3b4ad090b4e97b6bbf62576f59679bccc98fa7feff04f5d179a4b17bee4e1916778edd2ac7640ef4f2c91c7a442cd031825fb16cfb1080fc8032fc
Score

10^/10

troldesh discovery persistence ransomware trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

troldeshdiscoverypersistenceransomwaretrojanupx

behavioral2

troldeshdiscoverypersistenceransomwaretrojanupx

© 2018-2025

Terms | Privacy