troldesh | 0774ee18a57ee8a20d7f355f23a6b7f049dd93c251e2cc9af0100e92a3526547

Resubmissions

04-04-2024 10:25

240404-mf9csada39 10

04-04-2024 10:18

02-04-2024 03:00

02-04-2024 02:52

31-05-2022 01:49

Sharing

Copy URL

Twitter E-mail

General

Target

0774ee18a57ee8a20d7f355f23a6b7f049dd93c251e2cc9af0100e92a3526547
Size

917KB
Sample

240404-mcec8scc31
MD5

6b5410cf5fa90e28d32077088f3a3514
SHA1

321a8ad1d6ec06af69ab4515e523f5d31261814d
SHA256

0774ee18a57ee8a20d7f355f23a6b7f049dd93c251e2cc9af0100e92a3526547
SHA512

6107132f44b4b72e5019425a7536b953bdaa3c1cf46a28cfbcccae4a00dae95489dd2bcbdbbf387eff494a15c049f0e30597e3018662722ef37a533311ca2ecd
SSDEEP

24576:aEjzOm1ixlvxuYejDEmq75NICHpVpuNgda6bU:VrixlE34mq75NICH/iYpbU

Score

10^/10

Malware Config

Targets

- Target
  
  0774ee18a57ee8a20d7f355f23a6b7f049dd93c251e2cc9af0100e92a3526547
- Size
  
  917KB
- MD5
  
  6b5410cf5fa90e28d32077088f3a3514
- SHA1
  
  321a8ad1d6ec06af69ab4515e523f5d31261814d
- SHA256
  
  0774ee18a57ee8a20d7f355f23a6b7f049dd93c251e2cc9af0100e92a3526547
- SHA512
  
  6107132f44b4b72e5019425a7536b953bdaa3c1cf46a28cfbcccae4a00dae95489dd2bcbdbbf387eff494a15c049f0e30597e3018662722ef37a533311ca2ecd
- SSDEEP
  
  24576:aEjzOm1ixlvxuYejDEmq75NICHpVpuNgda6bU:VrixlE34mq75NICH/iYpbU
Score

10^/10

troldesh persistence ransomware trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  c32e0fd4ae35ebe913d7bdff974ab7bb
- SHA1
  
  e8ea2c5b030d7438539d1de02a13eb8a01cc5b19
- SHA256
  
  c30114c234497179d4cea17554d82d51e87cdc0e2666ec8394c0c026f3aaa8b3
- SHA512
  
  751fa4046ab7aa3d167f3d3c8096f0aef5f5da439cacba92dddc4acce33b62336c5dd8e5e84a3b3a7616823152ee8fc91d197f5fb1349cc948eb7d7c6f351a44
- SSDEEP
  
  384:EhC43tPegZ3eBaRwCPOYY7nNYXCh/Yosa:EoTgZ3eBTCmrnNAD
Score

3^/10
behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fc3772787eb239ef4d0399680dcc4343
- SHA1
  
  db2fa99ec967178cd8057a14a428a8439a961a73
- SHA256
  
  9b93c61c9d63ef8ec80892cc0e4a0877966dca9b0c3eb85555cebd2ddf4d6eed
- SHA512
  
  79e491ca4591a5da70116114b7fbb66ee15a0532386035e980c9dfe7afb59b1f9d9c758891e25bfb45c36b07afd3e171bac37a86c887387ef0e80b1eaf296c89
- SSDEEP
  
  192:eS24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OloSl:S8QIl975eXqlWBrz7YLOlo
Score

3^/10
behavioral3
- Target
  
  Uninstall.exe
- Size
  
  63KB
- MD5
  
  cb3b3be0acb6ba0ddd7741c01353373a
- SHA1
  
  d83315632dc46870e62cef1911e4bfca03ccda47
- SHA256
  
  26cd22712726a4379a4c2c31f3ed368c28d1992bd31990430fc7f540b62f667c
- SHA512
  
  8bdc39ed2138c5cf740d0da07f30149ef8d6de6144abc8408b2af83c1c2ede1034742c9d94fb69f8425d0e8fe7c604ec38b0fa5c4d033b636f21c991210abbd1
- SSDEEP
  
  1536:6Tdm9B9lYypfMXvugHQ0DbLiNuCPYXnj3WCW2EW58A4Romu/1kqbWUt:64lLpkXGED3iNuTnj3WCW2EW5x45VgWW
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Troldesh, Shade, Encoder.858

Loads dropped DLL

UPX packed file

Adds Run key to start application

Suspicious use of SetThreadContext

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4