General

  • Target

    5c6f911f0919dcb1739510e629016304ecc9908cfd6d1c27ac7c0b0710b650f7.zip

  • Size

    972KB

  • Sample

    221226-pa8v6sch63

  • MD5

    cc2bd1e896fe8dc1a0116527d6f00b43

  • SHA1

    3be26ba3ef9b854062acfdc603d068755863282f

  • SHA256

    e12ef4d9f819524735df8ac1c66e84bbc2c0499247c0fa9d40e344fee4f19334

  • SHA512

    536f87f3def1429b5de5d308e08c92ba538f6b28884c622e2709796da388597ad6d3c1ee496f88c0d04c224ba0356f423a8f317bed34929ea60edebd6b143a3c

  • SSDEEP

    24576:ERKJg2qFbatJoMfSM/vbw8Ok3i1+q/VxnPftFbwZ5tej0+Q44ED:ERKJgNAtJoj+bMk3iEq/zntF06PmED

Malware Config

Targets

    • Target

      5c6f911f0919dcb1739510e629016304ecc9908cfd6d1c27ac7c0b0710b650f7

    • Size

      1.1MB

    • MD5

      5d5d9dba99e609b34ea040ef7003e444

    • SHA1

      c33169d65768a0b46d50501f3cf7dd948e8f704d

    • SHA256

      5c6f911f0919dcb1739510e629016304ecc9908cfd6d1c27ac7c0b0710b650f7

    • SHA512

      e833e2f66325e19ea988d96949311fa6c69cce62c40456523b96fb3e61552a59bd1b6deffeba9df59334c5530079d6277e2ae1a6394b84f6ff8baf0463690e40

    • SSDEEP

      24576:PrQQEB+ekoKYkrB43qLpM7diN+glAp3R6HTBzDvc:DQQSL1KYO43qLpMkN+MS3YzDvc

    • Troldesh, Shade, Encoder.858

      Troldesh is ransomware spread by malspam.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks