troldesh | 4486ecf3f3498975deb6bc982ee6c543d1453cd55fd35662eef7dc7878c3e407 | Triage

Submit
Reports

Overview

overview

Static

static

1

4486ecf3f3...07.exe

windows7-x64

Resubmissions

07-04-2024 02:21

240407-cs71daba79 10

07-04-2024 02:21

240407-cs2hlaae5t 10

07-04-2024 02:20

240407-csw8waba75 10

07-04-2024 02:20

240407-csr9xsae4x 10

07-07-2022 18:59

220707-xm664shhb2 10

Sharing

General

Target

4486ecf3f3498975deb6bc982ee6c543d1453cd55fd35662eef7dc7878c3e407
Size

1.0MB
Sample

240407-csw8waba75
MD5

dd77766a7812b98ad629c9d95e32a616
SHA1

9c821700d9af634ac0c3cf2076ac3e681774c47f
SHA256

4486ecf3f3498975deb6bc982ee6c543d1453cd55fd35662eef7dc7878c3e407
SHA512

d49067da309deec250ab5753fec487ed77b6e3659cb7d4f41b4a81b3eacfc370ddd024bb14bea11a660234f468ea1535f5971f7e51b1736c60f0a783ff5b2c1d
SSDEEP

12288:CT1tIG8n5WecvDH0viPR6dDHPpnPj75I4SoQbCdWze/fswN+eSchTyGojj0nUZNP:CBtLULYDHTR8/IQmdkfsq+myGyYywqGE

Score

10^/10

troldesh discovery persistence ransomware spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

4486ecf3f3498975deb6bc982ee6c543d1453cd55fd35662eef7dc7878c3e407.exe

Resource

win7-20240221-en

troldesh discovery persistence ransomware spyware stealer trojan upx

windows7-x64

8 signatures

600 seconds

Malware Config

Targets

- Target
  
  4486ecf3f3498975deb6bc982ee6c543d1453cd55fd35662eef7dc7878c3e407
- Size
  
  1.0MB
- MD5
  
  dd77766a7812b98ad629c9d95e32a616
- SHA1
  
  9c821700d9af634ac0c3cf2076ac3e681774c47f
- SHA256
  
  4486ecf3f3498975deb6bc982ee6c543d1453cd55fd35662eef7dc7878c3e407
- SHA512
  
  d49067da309deec250ab5753fec487ed77b6e3659cb7d4f41b4a81b3eacfc370ddd024bb14bea11a660234f468ea1535f5971f7e51b1736c60f0a783ff5b2c1d
- SSDEEP
  
  12288:CT1tIG8n5WecvDH0viPR6dDHPpnPj75I4SoQbCdWze/fswN+eSchTyGojj0nUZNP:CBtLULYDHTR8/IQmdkfsq+myGyYywqGE
Score

10^/10

troldesh discovery persistence ransomware spyware stealer trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

© 2018-2024

Terms | Privacy