General
Target: ransom.js.zip
Size: 2KB
Sample: 231018-tdf2safg9z
MD5: 9590c385f7df227a17a61f7bbd7ccc54
SHA1: 1e5823f9e05e8f0c369ad4c7a4f5b038f0d759d2
SHA256: 7e82168b3d2a5318d489acf0bd260dbc6d622248ef752d600d18ca69038c64db
SHA512: 09c2ec1b1b3be8e59bcc7fb35d9f063bceba75cfe04e28d46c34f16ebb5be05aa614598d53c2be5921ec94be09a30bf1d91677d7efecccee3552bfce1f4b6181

Static task: static1
Behavioral task: behavioral1
Sample: ransom.js
Resource: win7-20230831-en
Malware Config
Targets

Target: ransom.js
Size: 5KB
MD5: a724f9e28bac9aecafd3f89648dd2cfe
SHA1: 5299483e34930b25d878bc2fa9bdf04406ffe0d4
SHA256: 63228f8c6d0944cff64fae26d3694bf1efd1a3d5d08a11cd4bfcb5cf19d6fc54
SHA512: 70a2bb681b3d7e5e5fb24ba9e071ee5b688d8a9f557d70f371dcc706ed50bb8945605862e30c13fa242a340c075e8618da114f73baba7ba60e491f7410b562ac
SSDEEP: 96:ARW/UCeBiP7xcaDz9KkpTWC1lazQnP4HblO+:Ak/UV56kCTWElbP4HhR
Signatures
- Blocklisted process makes network request
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15

Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)

Defense Evasion
  Indicator Removal (2)
    File Deletion (2)
  Modify Registry (2)
  Subvert Trust Controls (1)
    Install Root Certificate (1)