Overview

overview

10

Static

static

1

e5379ed6df...d4.exe

windows7-x64

10

e5379ed6df...d4.exe

windows10-1703-x64

10

e5379ed6df...d4.exe

windows10-2004-x64

10

e5379ed6df...d4.exe

windows11-21h2-x64

10

Resubmissions

29-01-2023 18:07

230129-wqck8sgd68 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e5379ed6dfd3130a49dcddcdddec6b21c7f90d7dee15fc9219e7ccaa0fad87d4

  • Size

    1.1MB

  • Sample

    240414-pgdcvage73

  • MD5

    7e921e11caeb6f9594fa286d217af62e

  • SHA1

    9253c2e0c30b7279fe6cf6a052b55b2b43ee2f84

  • SHA256

    e5379ed6dfd3130a49dcddcdddec6b21c7f90d7dee15fc9219e7ccaa0fad87d4

  • SHA512

    8d5af1af21e4a24d5546515d9f2af5a51598de7e5e335e139c38f5f426fdb0359dabb00ea6e0d0b84846781be553a8ab234b1b6c9cdf429100569101ba055fcc

  • SSDEEP

    12288:n0FWRGqrviIa4un1WnkOJz2CFBsZX/STM3f7rUuWe+UmXELXSLbFUhNl7T7R+UtU:MunKIaNAnkOEKBslQU8ELitm/DtVy

Score
10/10
troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

Malware Config

Targets

    • Target

      e5379ed6dfd3130a49dcddcdddec6b21c7f90d7dee15fc9219e7ccaa0fad87d4

    • Size

      1.1MB

    • MD5

      7e921e11caeb6f9594fa286d217af62e

    • SHA1

      9253c2e0c30b7279fe6cf6a052b55b2b43ee2f84

    • SHA256

      e5379ed6dfd3130a49dcddcdddec6b21c7f90d7dee15fc9219e7ccaa0fad87d4

    • SHA512

      8d5af1af21e4a24d5546515d9f2af5a51598de7e5e335e139c38f5f426fdb0359dabb00ea6e0d0b84846781be553a8ab234b1b6c9cdf429100569101ba055fcc

    • SSDEEP

      12288:n0FWRGqrviIa4un1WnkOJz2CFBsZX/STM3f7rUuWe+UmXELXSLbFUhNl7T7R+UtU:MunKIaNAnkOEKBslQU8ELitm/DtVy

    Score
    10/10
    troldeshdiscoverypersistenceransomwarespywarestealertrojanupx

    • Troldesh, Shade, Encoder.858

      Troldesh is a ransomware spread by malspam.

      ransomwaretrojantroldesh

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies Installed Components in the registry

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks