troldesh | c6c82205aedefa0de9cf8ace02f4156d2b6ec990370a6ce27f4cd24c5d4a27df | Triage

Submit
Reports

Overview

overview

Static

static

c6c82205ae...df.exe

windows7-x64

c6c82205ae...df.exe

windows10-2004-x64

Sharing

General

Target

c6c82205aedefa0de9cf8ace02f4156d2b6ec990370a6ce27f4cd24c5d4a27df
Size

1.6MB
Sample

220731-hqbgaaedcr
MD5

11e06aa4677c4b40e50741a5b48893fe
SHA1

dbf76baece6b01f13dff341677025ac0b126d3bc
SHA256

c6c82205aedefa0de9cf8ace02f4156d2b6ec990370a6ce27f4cd24c5d4a27df
SHA512

b963d1cad00affa8adeb4dbee9bfaef337e372813d83da6fae0195f6f3e1b88da9c9cb10f30e816f131497bdd1d2c274a2ba3ce83cb7f19c652b619348a71af4

Score

10^/10

troldesh discovery persistence ransomware spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

c6c82205aedefa0de9cf8ace02f4156d2b6ec990370a6ce27f4cd24c5d4a27df.exe

Resource

win7-20220715-en

troldesh discovery persistence ransomware trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

c6c82205aedefa0de9cf8ace02f4156d2b6ec990370a6ce27f4cd24c5d4a27df.exe

Resource

win10v2004-20220721-en

troldesh discovery persistence ransomware spyware stealer trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  c6c82205aedefa0de9cf8ace02f4156d2b6ec990370a6ce27f4cd24c5d4a27df
- Size
  
  1.6MB
- MD5
  
  11e06aa4677c4b40e50741a5b48893fe
- SHA1
  
  dbf76baece6b01f13dff341677025ac0b126d3bc
- SHA256
  
  c6c82205aedefa0de9cf8ace02f4156d2b6ec990370a6ce27f4cd24c5d4a27df
- SHA512
  
  b963d1cad00affa8adeb4dbee9bfaef337e372813d83da6fae0195f6f3e1b88da9c9cb10f30e816f131497bdd1d2c274a2ba3ce83cb7f19c652b619348a71af4
Score

10^/10

troldesh discovery persistence ransomware trojan upx spyware stealer
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

troldeshdiscoverypersistenceransomwaretrojanupx

behavioral2

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

© 2018-2025

Terms | Privacy