troldesh | df2894b4298be05620b329d27bf0b45314629316fd6a082b6d90bbdfe9bf5a53 | Triage

Submit
Reports

Overview

overview

Static

static

1

13ff5145f9...4e.exe

windows7-x64

13ff5145f9...4e.exe

windows10-2004-x64

Resubmissions

30-12-2023 09:02

231230-kzgqrsedaj 10

Sharing

General

Target

13ff5145f905b197eee478e565e30f4e
Size

1.2MB
Sample

231230-kzgqrsedaj
MD5

13ff5145f905b197eee478e565e30f4e
SHA1

5d983937eeb3ce1455eed52bb478c84d54d64f81
SHA256

df2894b4298be05620b329d27bf0b45314629316fd6a082b6d90bbdfe9bf5a53
SHA512

02a97bcca38b98d481e05bb8216d22bc893594d887b45bb9c87732c0f030dcdcdc40e3f1d3a5954751e888a3056bd44996ea7e36eca37f4977642ef38da417ca
SSDEEP

24576:XHtrdKYVVSrqGDohJ3STZG8vIn/sCBGnWsY0Dy2:XHtV7GwBSTc8An/4YF2

Score

10^/10

troldesh discovery persistence ransomware trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

13ff5145f905b197eee478e565e30f4e.exe

Resource

win7-20231129-en

troldesh discovery persistence ransomware trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

13ff5145f905b197eee478e565e30f4e.exe

Resource

win10v2004-20231215-en

troldesh discovery persistence ransomware trojan upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  13ff5145f905b197eee478e565e30f4e
- Size
  
  1.2MB
- MD5
  
  13ff5145f905b197eee478e565e30f4e
- SHA1
  
  5d983937eeb3ce1455eed52bb478c84d54d64f81
- SHA256
  
  df2894b4298be05620b329d27bf0b45314629316fd6a082b6d90bbdfe9bf5a53
- SHA512
  
  02a97bcca38b98d481e05bb8216d22bc893594d887b45bb9c87732c0f030dcdcdc40e3f1d3a5954751e888a3056bd44996ea7e36eca37f4977642ef38da417ca
- SSDEEP
  
  24576:XHtrdKYVVSrqGDohJ3STZG8vIn/sCBGnWsY0Dy2:XHtV7GwBSTc8An/4YF2
Score

10^/10

troldesh discovery persistence ransomware trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

troldeshdiscoverypersistenceransomwaretrojanupx

behavioral2

troldeshdiscoverypersistenceransomwaretrojanupx

© 2018-2025

Terms | Privacy