troldesh | 0774ee18a57ee8a20d7f355f23a6b7f049dd93c251e2cc9af0100e92a3526547

Resubmissions

04-04-2024 10:25

240404-mf9csada39 10

04-04-2024 10:18

02-04-2024 03:00

02-04-2024 02:52

31-05-2022 01:49

Sharing

Copy URL

Twitter E-mail

General

Target

0774ee18a57ee8a20d7f355f23a6b7f049dd93c251e2cc9af0100e92a3526547
Size

917KB
Sample

240402-dhm3wsfb76
MD5

6b5410cf5fa90e28d32077088f3a3514
SHA1

321a8ad1d6ec06af69ab4515e523f5d31261814d
SHA256

0774ee18a57ee8a20d7f355f23a6b7f049dd93c251e2cc9af0100e92a3526547
SHA512

6107132f44b4b72e5019425a7536b953bdaa3c1cf46a28cfbcccae4a00dae95489dd2bcbdbbf387eff494a15c049f0e30597e3018662722ef37a533311ca2ecd
SSDEEP

24576:aEjzOm1ixlvxuYejDEmq75NICHpVpuNgda6bU:VrixlE34mq75NICH/iYpbU

Score

10^/10

Malware Config

Targets

- Target
  
  0774ee18a57ee8a20d7f355f23a6b7f049dd93c251e2cc9af0100e92a3526547
- Size
  
  917KB
- MD5
  
  6b5410cf5fa90e28d32077088f3a3514
- SHA1
  
  321a8ad1d6ec06af69ab4515e523f5d31261814d
- SHA256
  
  0774ee18a57ee8a20d7f355f23a6b7f049dd93c251e2cc9af0100e92a3526547
- SHA512
  
  6107132f44b4b72e5019425a7536b953bdaa3c1cf46a28cfbcccae4a00dae95489dd2bcbdbbf387eff494a15c049f0e30597e3018662722ef37a533311ca2ecd
- SSDEEP
  
  24576:aEjzOm1ixlvxuYejDEmq75NICHpVpuNgda6bU:VrixlE34mq75NICH/iYpbU
Score

10^/10

troldesh persistence ransomware trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  c32e0fd4ae35ebe913d7bdff974ab7bb
- SHA1
  
  e8ea2c5b030d7438539d1de02a13eb8a01cc5b19
- SHA256
  
  c30114c234497179d4cea17554d82d51e87cdc0e2666ec8394c0c026f3aaa8b3
- SHA512
  
  751fa4046ab7aa3d167f3d3c8096f0aef5f5da439cacba92dddc4acce33b62336c5dd8e5e84a3b3a7616823152ee8fc91d197f5fb1349cc948eb7d7c6f351a44
- SSDEEP
  
  384:EhC43tPegZ3eBaRwCPOYY7nNYXCh/Yosa:EoTgZ3eBTCmrnNAD
Score

3^/10
behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fc3772787eb239ef4d0399680dcc4343
- SHA1
  
  db2fa99ec967178cd8057a14a428a8439a961a73
- SHA256
  
  9b93c61c9d63ef8ec80892cc0e4a0877966dca9b0c3eb85555cebd2ddf4d6eed
- SHA512
  
  79e491ca4591a5da70116114b7fbb66ee15a0532386035e980c9dfe7afb59b1f9d9c758891e25bfb45c36b07afd3e171bac37a86c887387ef0e80b1eaf296c89
- SSDEEP
  
  192:eS24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OloSl:S8QIl975eXqlWBrz7YLOlo
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/ioSpecial.ini
- Size
  
  211B
- MD5
  
  e2d5070bc28db1ac745613689ff86067
- SHA1
  
  282e080b4cf847174c5c11e4f9157b8c338ecb19
- SHA256
  
  d95aed234f932a1c48a2b1b0d98c60ca31f962310c03158e2884ab4ddd3ea1e0
- SHA512
  
  a50ca2014869629135b54e848f03cb4983ad8029cd811300d02b0fc54de0436185f418fea4d3db888eb0f3170e33a59d486aa885f024ab29e630e9bc0ae1a2de
Score

1^/10
behavioral4
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  25KB
- MD5
  
  cbe40fd2b1ec96daedc65da172d90022
- SHA1
  
  366c216220aa4329dff6c485fd0e9b0f4f0a7944
- SHA256
  
  3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
- SHA512
  
  62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
- SSDEEP
  
  24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
Score

3^/10
behavioral5
- Target
  
  SignUp.css
- Size
  
  1KB
- MD5
  
  459ac60c0351a30280a9ee9930b2e9c1
- SHA1
  
  986a45b838ab69e39fb36c5506e723bcc50ac468
- SHA256
  
  0db2b4321981ccce2937720e711ded48beda7904957c5cb28b7af06905435bea
- SHA512
  
  71fe88c48dcc6526003121467fcfd4176117152146f55b3b324ae95a0a3cd8808c6f8649f323f655799511e47f172c666c60410f88cb825dfe3b84c38c339efc
Score

3^/10
behavioral6
- Target
  
  Uninstall.exe
- Size
  
  63KB
- MD5
  
  cb3b3be0acb6ba0ddd7741c01353373a
- SHA1
  
  d83315632dc46870e62cef1911e4bfca03ccda47
- SHA256
  
  26cd22712726a4379a4c2c31f3ed368c28d1992bd31990430fc7f540b62f667c
- SHA512
  
  8bdc39ed2138c5cf740d0da07f30149ef8d6de6144abc8408b2af83c1c2ede1034742c9d94fb69f8425d0e8fe7c604ec38b0fa5c4d033b636f21c991210abbd1
- SSDEEP
  
  1536:6Tdm9B9lYypfMXvugHQ0DbLiNuCPYXnj3WCW2EW58A4Romu/1kqbWUt:64lLpkXGED3iNuTnj3WCW2EW5x45VgWW
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral7
- Target
  
  confidence.fjo
- Size
  
  817KB
- MD5
  
  897ed284bff11dcf413a39c2ff1da470
- SHA1
  
  89f20ca6f437ab72b3427297e8efa3a658775dd5
- SHA256
  
  5417189eaaca907f7254e73a7dbffde4a4ecf801688017d8c51aa751d6daaf29
- SHA512
  
  73042c1eac9c29fa9854a9628fe5e798f4bb81ee30030245ccd198470d96119b2d52c680f9e5c3ab6cc8ba0cc60cf0ae8c9319692c0bb9bae8cdab678b62a7c7
- SSDEEP
  
  24576:Pmjin/vxIYUjjE0mDpFA6rpVtuNSdi6Hyh:Cin/OfY0mDpFA6r/umBHyh
Score

3^/10
behavioral8
- Target
  
  global_ie9.css
- Size
  
  1KB
- MD5
  
  8b034c820a379291e68132c8aa38e99b
- SHA1
  
  72cf8934e03aae9879a392c694a00717c6835cc4
- SHA256
  
  dc4c3c5f759484e72d38a1a5ab84f2aebda7f66fb4faa09b0626bfd804419e1e
- SHA512
  
  42dedb8c2f66c36060ed4dcc86f69a6eab1d8949bab6250f2642de724c9a972c815fab2154d4772ebd3f519852e53b280fa7610f1485aa9e9fa0b041bd288ca0
Score

3^/10
behavioral9
- Target
  
  jquery.tooltip.css
- Size
  
  218B
- MD5
  
  ead25ce4d2157a28e089d647d53adb70
- SHA1
  
  1572bc458c6c4cb9d6a030e4f242f1c09c8e6fbb
- SHA256
  
  b11d97096b80494104a4dd931800e085e31df9a3cdb19a45114fccb57fd422db
- SHA512
  
  d722b5cfda9a2dfafac5bbebdcb0767b00cdc64c7c46a4fd2951f3131a4eb14a65b36dc694be2a9fc80d01ac82e3b024a160257bfa55906cd78e2fc51f165e96
Score

3^/10
behavioral10
- Target
  
  landing-gas-icon.png
- Size
  
  2KB
- MD5
  
  f0fe68be9e0671bdb3bfc4427db39057
- SHA1
  
  d32dfdc7d11b7035d8e60aadf74ee3f99829db76
- SHA256
  
  aab0b7c0c8da61ea8f2594226f9e1264c9c7eb107e38f93d5bdaa8c8574be76b
- SHA512
  
  56a745d5d778d7d0bbcc571d2220b95503c0b8b1ee5101a0eb56211417b02a19b8672d8be7046a15e441b7799a9101bbab324c7c8647bba97dd3afbee5406715
Score

3^/10
behavioral11
- Target
  
  nivo.css
- Size
  
  1KB
- MD5
  
  a995391b3cd9b31b6d2ee4b9ba5e3fef
- SHA1
  
  32126647e25b5735dda91dcf6d8411974c4c7f32
- SHA256
  
  27609eb25cd0e2182b0840aef1f030a1871d06f4b022a160d8d2cdfbaf37ef8d
- SHA512
  
  0b487154d8b2efeb7fc7f82a80de9f48597471e1062a9672c76e66d7bc5a1d790a1d4b107d19324bd9f125801f43ed04fe3a1118c9e3b46b0d8cb09ceb89efbf
Score

3^/10
behavioral12
- Target
  
  noFlying.css
- Size
  
  2KB
- MD5
  
  a21d810296510072f617232ade36373a
- SHA1
  
  98c282baedfaa27274357e840f350713dd17720d
- SHA256
  
  6cb15abde508e5b5e6167f28f8a64d6cfab305124fb7e140b695559d1ff3c6cf
- SHA512
  
  7a71f8ebfbfe4edf762a0d8f54728c6751bc250a02378c803c58d2d30590e95da71e7fe4538f8e8b31676c49117d1d8b98fae27fea7aa326f4e79820f72a457a
Score

3^/10
behavioral13
- Target
  
  photo.jpg
- Size
  
  768B
- MD5
  
  712278ca3d0446902a6d09434c316da5
- SHA1
  
  5215df5a1dfaa684f57605d5cee3ef584c5c9abd
- SHA256
  
  1f32954557005735a403c5bb8cec67573014d00d2d57b9655dd06c321e1adc91
- SHA512
  
  86fa0e56f394f2c51781edb37ae686e44b584da1084cc95d89e449a3630af0e688a70e97b29e04985712f82168283bb36dcc3cc32e5fc9b2cdc0f3e573b7939b
Score

3^/10
behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Troldesh, Shade, Encoder.858

Loads dropped DLL

UPX packed file

Adds Run key to start application

Suspicious use of SetThreadContext

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14