troldesh | 4d00ce6c7237134b00cde4b24f1c6dfaffb031cf84845a8bae2a5e5ece8f5434 | Triage

Submit
Reports

Overview

overview

Static

static

1

msg.exe

windows7-x64

Resubmissions

07-04-2024 02:22

240407-cty4vsbb23 10

07-04-2024 02:22

240407-ctsl3sba97 10

07-04-2024 02:22

240407-ctmqtsae6y 10

07-04-2024 02:21

240407-cth3msba89 10

31-07-2022 05:17

220731-fy356aabf6 10

Sharing

General

Target

msg.jpg
Size

1.0MB
Sample

240407-ctsl3sba97
MD5

b891aa5781114582c27baa0c8029777c
SHA1

7a53a0516286728323c8e6d02a6a5e1077726f4c
SHA256

4d00ce6c7237134b00cde4b24f1c6dfaffb031cf84845a8bae2a5e5ece8f5434
SHA512

63e5357d3b24f6435d77c47c510386dfe45e97ade64e574b24f3349a08a63e0f415534a3e5bc72f9d45011abbead12e9d8bfecbd61ff3363326af0b4b73cbc85
SSDEEP

12288:1+iDmbczDn6ILWGXhkogkuSeJLYeOfbg4TIvhVe/v82WgDSMy6ReTcEnr:ciDmwjLWVogkuSeuzT/JpyumcIr

Score

10^/10

troldesh discovery persistence ransomware spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

msg.exe

Resource

win7-20240221-en

troldesh discovery persistence ransomware spyware stealer trojan upx

windows7-x64

16 signatures

1200 seconds

Malware Config

Targets

- Target
  
  msg.jpg
- Size
  
  1.0MB
- MD5
  
  b891aa5781114582c27baa0c8029777c
- SHA1
  
  7a53a0516286728323c8e6d02a6a5e1077726f4c
- SHA256
  
  4d00ce6c7237134b00cde4b24f1c6dfaffb031cf84845a8bae2a5e5ece8f5434
- SHA512
  
  63e5357d3b24f6435d77c47c510386dfe45e97ade64e574b24f3349a08a63e0f415534a3e5bc72f9d45011abbead12e9d8bfecbd61ff3363326af0b4b73cbc85
- SSDEEP
  
  12288:1+iDmbczDn6ILWGXhkogkuSeJLYeOfbg4TIvhVe/v82WgDSMy6ReTcEnr:ciDmwjLWVogkuSeuzT/JpyumcIr
Score

10^/10

troldesh discovery persistence ransomware spyware stealer trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

© 2018-2024

Terms | Privacy