troldesh | 8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621 | Triage

Submit
Reports

Overview

overview

Static

static

3

8b04af13b7...21.exe

windows7-x64

8b04af13b7...21.exe

windows10-1703-x64

8b04af13b7...21.exe

windows10-2004-x64

8b04af13b7...21.exe

windows11-21h2-x64

Resubmissions

18-03-2024 13:45

240318-q2hzhaab76 10

Sharing

General

Target

8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621
Size

1020KB
Sample

240414-mxgzvsga72
MD5

496f86f951e1dbd3c4534d51a5297668
SHA1

1199c5f30f5724841905cbdb9787649d15aae3d5
SHA256

8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621
SHA512

382abc596081ca5d0fdea39b12afe433e446cd50f59e4abca818162d96e46465beb1cda631109083071e7c050af6bfcf867be41d02c1e2ebe5dd99f61f45d510
SSDEEP

24576:es0fVWVbd8fKT0KqTAFFCa/2yDEmdvAkomBbOsn51D:es0fVWVR8fKTeU1imBbl51D

Score

10^/10

troldesh persistence ransomware trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621.exe

Resource

win7-20240221-en

troldesh persistence ransomware trojan upx

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621.exe

Resource

win10-20240404-en

troldesh persistence ransomware trojan upx

windows10-1703-x64

9 signatures

300 seconds

Behavioral task

behavioral3

Sample

8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621.exe

Resource

win10v2004-20240412-en

troldesh persistence ransomware trojan upx

windows10-2004-x64

9 signatures

300 seconds

Behavioral task

behavioral4

Sample

8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621.exe

Resource

win11-20240412-en

troldesh persistence ransomware trojan upx

windows11-21h2-x64

9 signatures

300 seconds

Malware Config

Targets

- Target
  
  8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621
- Size
  
  1020KB
- MD5
  
  496f86f951e1dbd3c4534d51a5297668
- SHA1
  
  1199c5f30f5724841905cbdb9787649d15aae3d5
- SHA256
  
  8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621
- SHA512
  
  382abc596081ca5d0fdea39b12afe433e446cd50f59e4abca818162d96e46465beb1cda631109083071e7c050af6bfcf867be41d02c1e2ebe5dd99f61f45d510
- SSDEEP
  
  24576:es0fVWVbd8fKT0KqTAFFCa/2yDEmdvAkomBbOsn51D:es0fVWVR8fKTeU1imBbl51D
Score

10^/10

troldesh persistence ransomware trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

troldeshpersistenceransomwaretrojanupx

behavioral2

troldeshpersistenceransomwaretrojanupx

behavioral3

troldeshpersistenceransomwaretrojanupx

behavioral4

troldeshpersistenceransomwaretrojanupx

© 2018-2025

Terms | Privacy