troldesh | da3ded0c7411d0a411121043cfc73e675515e41a964486f5b49139f578f7cc9d | Triage

Resubmissions

26-12-2022 13:01

221226-p9g7hagb5x 10

26-12-2022 13:00

221226-p8z1xsgb5w 10

Sharing

General

Target

troldesh.zip
Size

10.9MB
Sample

221226-p9g7hagb5x
MD5

26e693c1bbe7201fafbb2f313ec94574
SHA1

af1da226774c2114c73d01c04dda3071641bee76
SHA256

da3ded0c7411d0a411121043cfc73e675515e41a964486f5b49139f578f7cc9d
SHA512

a8a5ce6f5d7a6234083302461b70400769fbf16db831b8b2c82236ff7642b8cd80c4c6f9e0404a40664fb992ace8359e7843ce3087de84c253cbae96390a7eaa
SSDEEP

196608:fGJZmLH++JFAItYy2uDbAnID9yzY/LYN8SsI16qcLPTxqCJoiqV68idD/daf:fGJIBnztYMAmoOLYN8WB0cCJtqk8idDo

Score

10^/10

troldesh discovery persistence ransomware spyware stealer trojan upx

Malware Config

Targets

- Target
  
  5c6f911f0919dcb1739510e629016304ecc9908cfd6d1c27ac7c0b0710b650f7
- Size
  
  1.1MB
- MD5
  
  5d5d9dba99e609b34ea040ef7003e444
- SHA1
  
  c33169d65768a0b46d50501f3cf7dd948e8f704d
- SHA256
  
  5c6f911f0919dcb1739510e629016304ecc9908cfd6d1c27ac7c0b0710b650f7
- SHA512
  
  e833e2f66325e19ea988d96949311fa6c69cce62c40456523b96fb3e61552a59bd1b6deffeba9df59334c5530079d6277e2ae1a6394b84f6ff8baf0463690e40
- SSDEEP
  
  24576:PrQQEB+ekoKYkrB43qLpM7diN+glAp3R6HTBzDvc:DQQSL1KYO43qLpMkN+MS3YzDvc
Score

10^/10

troldesh discovery persistence ransomware spyware stealer trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2 behavioral3
- Target
  
  5c88845385cb608428682e0772fc3ae0fe9e8e97186d438a655e12f3d0d157e0
- Size
  
  1.4MB
- MD5
  
  8ee199d8f0f0244ff70074873ac3ab0e
- SHA1
  
  86cee451ee2a9470a06a5b5cadcec45869f9f8ae
- SHA256
  
  5c88845385cb608428682e0772fc3ae0fe9e8e97186d438a655e12f3d0d157e0
- SHA512
  
  0ee927efd0df67fc46b9fe8920f5244043e02468aa2c7fd420e017313bcf61c368c7d062fc3153dd926ca55b742df6bd16213d0a635dbf4da25d7e948b59c718
- SSDEEP
  
  24576:GHZpi1ZGIRtOi3PdD+qMVyC+N+Ahfv5Ya4nKrE4:NZGI7DdDaVP+NfuamKrT
Score

10^/10

troldesh discovery persistence ransomware spyware stealer trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral4 behavioral5 behavioral6
- Target
  
  5d28b7648fbd8cc3d37843a42fb6a12639356eaf0570d647637af9c9915a79f3
- Size
  
  1.5MB
- MD5
  
  2d360833f6e5d55079829f1fef4244c8
- SHA1
  
  723e580eb3608d5d27ad78fa5d067f6d3fcf1f47
- SHA256
  
  5d28b7648fbd8cc3d37843a42fb6a12639356eaf0570d647637af9c9915a79f3
- SHA512
  
  978e47f907f673a27f1d94bd069e380deed6b272c1c1bc419115e00f521f3149a9c1deb7bdf130888ff37f7217eb231e012173053e42ec08d84580c7a9626db3
- SSDEEP
  
  24576:EMT38ElepoawixcPMAVoU3hbvJUuxN01qhMx8mx4tVkN:NDGwiy06o0bzrn2x8W4Pk
Score

10^/10

troldesh discovery persistence ransomware spyware stealer trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral7 behavioral8 behavioral9
- Target
  
  86ad83112863848cc9b07cc45e6ae72845e6c71fea9bbb0176450a4247d2e4b7
- Size
  
  1.3MB
- MD5
  
  1eb633b23aac213285349962698e72ed
- SHA1
  
  304e5ab558fa1d00e00a2c0f43f8f41a385eb784
- SHA256
  
  86ad83112863848cc9b07cc45e6ae72845e6c71fea9bbb0176450a4247d2e4b7
- SHA512
  
  6d28fa26a3b15089808df372b8ec9a1151d00964c29c937f451ea3be9eb31799e74ef1f25db644bc9590675a22439ec19921849cb51c9188ad79d4d829839ac5
- SSDEEP
  
  24576:gIpPeRM4fkcxdvdnjqtei/y1RNSA4QGF4ivjd:hP6fkUdFnjqkj1vSA5LiJ
Score

10^/10

troldesh discovery persistence ransomware spyware stealer trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral10 behavioral11 behavioral12
- Target
  
  890f40cd572b6a4f06bc642d10c3585a5c815b0e53188d9f827ad3eba5d4f421
- Size
  
  1.3MB
- MD5
  
  d619752e4d6e21240896a2bd9dfe5b09
- SHA1
  
  f0f7b2a2e760ccba4028538c92f41aa2cc3827c7
- SHA256
  
  890f40cd572b6a4f06bc642d10c3585a5c815b0e53188d9f827ad3eba5d4f421
- SHA512
  
  b7f028f7fb65c5014ee0ecd4a8ce113a48acc18e5b2e715a069bc54416d228900a7e927aeec5ec765069719158e9e676be6a0298eedc7ffe26d64faf3a86e68f
- SSDEEP
  
  24576:b2tPLf3UeTgLPgOzwUi9ERQm85EKXqKi7Q:b21fUeTwPJzk98e7i7Q
Score

10^/10

troldesh discovery persistence ransomware spyware stealer trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral13 behavioral14 behavioral15
- Target
  
  89c76aae88c0d75a1b9717b714adcbff88e562c14cba8abd604116ac86bc294c
- Size
  
  1.2MB
- MD5
  
  e22ee6e914ee9f28c1f02cf62d603151
- SHA1
  
  66cb1e3cfdaf3626c775af707322664387fba04e
- SHA256
  
  89c76aae88c0d75a1b9717b714adcbff88e562c14cba8abd604116ac86bc294c
- SHA512
  
  65a9ddf5498f0cc37b59b1e8a3968333097faab690cfeccaf6b39b8116d48739d507d6ffeef5fd7ab0efebf21a95fba2464c26ba3a16fcd4e58e4267c20e1e51
- SSDEEP
  
  24576:UOhbGenqCPa8/eKdCMxnYQ3FBXwblqyCB:jJP1ehMxnr15wbby
Score

10^/10

troldesh discovery persistence ransomware spyware stealer trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral16 behavioral17 behavioral18

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral2

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral3

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral4

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral5

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral6

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral7

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral8

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral9

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral10

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral11

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral12

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral13

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral14

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral15

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral16

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral17

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral18

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx