troldesh | e9adc19e03d2c6f12136b9bd81d2b979c2fefae39680827bff0e36b1ec3bd40e | Triage

Submit
Reports

Overview

overview

Static

static

3

2aab13d49b...9f.exe

windows7-x64

2aab13d49b...9f.exe

windows10-2004-x64

Sharing

General

Target

2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f.zip
Size

925KB
Sample

240203-r5jkwabhc5
MD5

a08b4df2a7041ec7f93f239dc4a7f8ec
SHA1

47199cd4316f757ac1073eea8f80c27da0583c1c
SHA256

e9adc19e03d2c6f12136b9bd81d2b979c2fefae39680827bff0e36b1ec3bd40e
SHA512

a3070601d544b2471bfe6096d71638d3e835e47c0d64b7b40dc88a5409c741c4505facc55ead8fe1cf469d8c83422d667aa15d55067a5e5c42cdd37b46627a7d
SSDEEP

24576:szC5cfja6AC0Ovotmagr7mxzZHp8pCWwN:CLzzvotm5r7m4pri

Score

10^/10

troldesh persistence ransomware trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f.exe

Resource

win7-20231215-en

troldesh persistence ransomware trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f.exe

Resource

win10v2004-20231222-en

troldesh persistence ransomware trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f.exe
- Size
  
  1.4MB
- MD5
  
  63210f8f1dde6c40a7f3643ccf0ff313
- SHA1
  
  57edd72391d710d71bead504d44389d0462ccec9
- SHA256
  
  2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f
- SHA512
  
  87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11
- SSDEEP
  
  12288:WZgSKWk54jeg6lL5assQHtzV2KoLJ+PwXxwuLSJ8slf1zMr6iL/KNDx2PIXe2Q:KgoLetlLS8tz6V+PwD0XVMrXCNDxtK
Score

10^/10

troldesh persistence ransomware trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

troldeshpersistenceransomwaretrojanupx

behavioral2

troldeshpersistenceransomwaretrojanupx

© 2018-2025

Terms | Privacy