Resubmissions

06-04-2024 15:17

240406-sn66aadg54 10

06-04-2024 15:17

240406-sn27bsdg46 10

06-04-2024 15:16

240406-snv31sda6x 10

06-04-2024 15:16

240406-snretsda6s 10

30-06-2022 18:18

220630-wxv16ahdh2 10

General

  • Target

    3fe4d9fa4f05d8d12333821a43f91e25bd32f07dc00983183289acffe6b2d229

  • Size

    1.5MB

  • Sample

    240406-sn66aadg54

  • MD5

    c13629942b30c7773b827380a7ffc045

  • SHA1

    1c0127290effd2571710cef81b95bee140a99f7f

  • SHA256

    3fe4d9fa4f05d8d12333821a43f91e25bd32f07dc00983183289acffe6b2d229

  • SHA512

    6e188f90eaa811fca22a646c1ed17266647f931a05166218df002e5d51168f2eb1a5ce3a9881baf51126087a6793d8cc0d9c5b0a51296cc27257903e93eb6d11

  • SSDEEP

    24576:9JSlxEJLbyy1BEEmuOdScyLmYBSnMVJKg3WtDI78Q:9JSlR8OdSPL4n6Isq07/

Malware Config

Targets

    • Target

      3fe4d9fa4f05d8d12333821a43f91e25bd32f07dc00983183289acffe6b2d229

    • Size

      1.5MB

    • MD5

      c13629942b30c7773b827380a7ffc045

    • SHA1

      1c0127290effd2571710cef81b95bee140a99f7f

    • SHA256

      3fe4d9fa4f05d8d12333821a43f91e25bd32f07dc00983183289acffe6b2d229

    • SHA512

      6e188f90eaa811fca22a646c1ed17266647f931a05166218df002e5d51168f2eb1a5ce3a9881baf51126087a6793d8cc0d9c5b0a51296cc27257903e93eb6d11

    • SSDEEP

      24576:9JSlxEJLbyy1BEEmuOdScyLmYBSnMVJKg3WtDI78Q:9JSlR8OdSPL4n6Isq07/

    • Troldesh, Shade, Encoder.858

      Troldesh is a ransomware spread by malspam.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks