troldesh | 88380436e1de1a6f4ad4c81131fd32734889e3cdf0a71029df19c1cad01fbc7a | Triage

Submit
Reports

Overview

overview

Static

static

1

bf32e333d6...bb.exe

windows7-x64

bf32e333d6...bb.exe

windows10-1703-x64

bf32e333d6...bb.exe

windows10-2004-x64

bf32e333d6...bb.exe

windows11-21h2-x64

Resubmissions

14-05-2023 23:14

230514-28eq7sgb8z 10

Sharing

General

Target

bf32e333d663fe20ab1c77d2f3f3af946fb159c51b1cd3b4b2afd6fc3e1897bb.rar
Size

917KB
Sample

240414-pbbxtsge32
MD5

ce394be06f41a579a7f0ebebe0b61d3c
SHA1

7140c53ab25d95c2e031c3e546a5d69c72d3a77c
SHA256

88380436e1de1a6f4ad4c81131fd32734889e3cdf0a71029df19c1cad01fbc7a
SHA512

a218b58ad11f6f0ba4f6089fe2a3b3fd059426227d58bc1931e8a360e85d19fe95275e77c4e1ba56c04ebfeeefe284b5bdca82a2696bf644f73300c634a139b3
SSDEEP

24576:J69Yc1eaKpHsvQezkVfZzmckXNf5NklgfkGQppv9:81+3XqmGM

Score

10^/10

troldesh discovery persistence ransomware spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

bf32e333d663fe20ab1c77d2f3f3af946fb159c51b1cd3b4b2afd6fc3e1897bb.exe

Resource

win7-20231129-en

troldesh discovery persistence ransomware spyware stealer trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

bf32e333d663fe20ab1c77d2f3f3af946fb159c51b1cd3b4b2afd6fc3e1897bb.exe

Resource

win10-20240404-en

troldesh discovery persistence ransomware spyware stealer trojan upx

windows10-1703-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

bf32e333d663fe20ab1c77d2f3f3af946fb159c51b1cd3b4b2afd6fc3e1897bb.exe

Resource

win10v2004-20240412-en

troldesh discovery persistence ransomware spyware stealer trojan upx

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral4

Sample

bf32e333d663fe20ab1c77d2f3f3af946fb159c51b1cd3b4b2afd6fc3e1897bb.exe

Resource

win11-20240412-en

troldesh discovery persistence ransomware spyware stealer trojan upx

windows11-21h2-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  bf32e333d663fe20ab1c77d2f3f3af946fb159c51b1cd3b4b2afd6fc3e1897bb
- Size
  
  1.5MB
- MD5
  
  695a0d416cdccad008acb2369b0165a2
- SHA1
  
  c9002f65273ac587f5753f50cf61911885d92521
- SHA256
  
  bf32e333d663fe20ab1c77d2f3f3af946fb159c51b1cd3b4b2afd6fc3e1897bb
- SHA512
  
  e92a53c963f5aacf94cbbda3da097d1f29140459ff552d5659ecca3f6c33aec6063c13ce16d3ff6c0046ee88400c6bc5bf410aa9fbc4513c478c0bc0423de051
- SSDEEP
  
  24576:kcDD3THmsmB7K1k52fzgtv0HqIYG3yC3Q1KbeRho7KWU8RKDyAlAY:bTHmsq72zgtv0HYG37bD7KWU8UhV
Score

10^/10

troldesh discovery persistence ransomware spyware stealer trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral2

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral3

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

behavioral4

troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

© 2018-2025

Terms | Privacy