troldesh | 8827d1935a406a4a39e3da4b8c994753d7cbddf55ea386ac1bdfe17cf2a6f6f1 | Triage

Submit
Reports

Overview

overview

Static

static

3

095b7c9aaf...4f.exe

windows7-x64

095b7c9aaf...4f.exe

windows10-1703-x64

095b7c9aaf...4f.exe

windows10-2004-x64

095b7c9aaf...4f.exe

windows11-21h2-x64

Resubmissions

11-04-2024 06:50

240411-hl165seb22 10

11-04-2024 06:50

240411-hl1klsea99 10

11-04-2024 06:49

240411-hlr88shb41 10

11-04-2024 06:49

240411-hlnk2sea97 10

11-04-2024 06:49

240411-hlkt6ahb4z 10

07-04-2024 08:26

240407-kb93eahd32 10

07-04-2024 08:26

240407-kb3y4ahd25 10

Sharing

General

Target

095b7c9aafb975f3732092b03b97ff4f.exe
Size

1.4MB
Sample

240411-hl1klsea99
MD5

095b7c9aafb975f3732092b03b97ff4f
SHA1

db77f3b9c3db3f5d016221471f828fbb06e740f7
SHA256

8827d1935a406a4a39e3da4b8c994753d7cbddf55ea386ac1bdfe17cf2a6f6f1
SHA512

29612b32e2e6e9723e2041ee20f7df05ca7d18828270444a4d12b5ee5e2641a149f9880d84cc83054a9f768eeea43bc27fccc81187b97363321e10572285a05a
SSDEEP

12288:WZgSKWk54jeg6lL5assQHtzV2KoLJ+PwXxwuLSJ8slf1zMr6iL/KNDx2PIXekQ:KgoLetlLS8tz6V+PwD0XVMrXCNDxtY

Score

10^/10

troldesh persistence ransomware spyware stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

095b7c9aafb975f3732092b03b97ff4f.exe

Resource

win7-20240221-en

troldesh persistence ransomware spyware stealer trojan upx

windows7-x64

15 signatures

1200 seconds

Behavioral task

behavioral2

Sample

095b7c9aafb975f3732092b03b97ff4f.exe

Resource

win10-20240404-en

troldesh persistence ransomware spyware stealer trojan upx

windows10-1703-x64

24 signatures

1200 seconds

Behavioral task

behavioral3

Sample

095b7c9aafb975f3732092b03b97ff4f.exe

Resource

win10v2004-20240226-en

troldesh persistence ransomware spyware stealer trojan upx

windows10-2004-x64

18 signatures

1200 seconds

Behavioral task

behavioral4

Sample

095b7c9aafb975f3732092b03b97ff4f.exe

Resource

win11-20240221-en

troldesh persistence ransomware spyware stealer trojan upx

windows11-21h2-x64

24 signatures

1200 seconds

Malware Config

Targets

- Target
  
  095b7c9aafb975f3732092b03b97ff4f.exe
- Size
  
  1.4MB
- MD5
  
  095b7c9aafb975f3732092b03b97ff4f
- SHA1
  
  db77f3b9c3db3f5d016221471f828fbb06e740f7
- SHA256
  
  8827d1935a406a4a39e3da4b8c994753d7cbddf55ea386ac1bdfe17cf2a6f6f1
- SHA512
  
  29612b32e2e6e9723e2041ee20f7df05ca7d18828270444a4d12b5ee5e2641a149f9880d84cc83054a9f768eeea43bc27fccc81187b97363321e10572285a05a
- SSDEEP
  
  12288:WZgSKWk54jeg6lL5assQHtzV2KoLJ+PwXxwuLSJ8slf1zMr6iL/KNDx2PIXekQ:KgoLetlLS8tz6V+PwD0XVMrXCNDxtY
Score

10^/10

troldesh persistence ransomware spyware stealer trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies Installed Components in the registry
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

troldeshpersistenceransomwarespywarestealertrojanupx

behavioral2

troldeshpersistenceransomwarespywarestealertrojanupx

behavioral3

troldeshpersistenceransomwarespywarestealertrojanupx

behavioral4

troldeshpersistenceransomwarespywarestealertrojanupx

© 2018-2025

Terms | Privacy