Resubmissions
29-01-2023 18:07
230129-wqck8sgd68 10General
-
Target
e5379ed6dfd3130a49dcddcdddec6b21c7f90d7dee15fc9219e7ccaa0fad87d4
-
Size
1.1MB
-
Sample
240414-pgdcvage73
-
MD5
7e921e11caeb6f9594fa286d217af62e
-
SHA1
9253c2e0c30b7279fe6cf6a052b55b2b43ee2f84
-
SHA256
e5379ed6dfd3130a49dcddcdddec6b21c7f90d7dee15fc9219e7ccaa0fad87d4
-
SHA512
8d5af1af21e4a24d5546515d9f2af5a51598de7e5e335e139c38f5f426fdb0359dabb00ea6e0d0b84846781be553a8ab234b1b6c9cdf429100569101ba055fcc
-
SSDEEP
12288:n0FWRGqrviIa4un1WnkOJz2CFBsZX/STM3f7rUuWe+UmXELXSLbFUhNl7T7R+UtU:MunKIaNAnkOEKBslQU8ELitm/DtVy
Malware Config
Targets
-
-
Target
e5379ed6dfd3130a49dcddcdddec6b21c7f90d7dee15fc9219e7ccaa0fad87d4
-
Size
1.1MB
-
MD5
7e921e11caeb6f9594fa286d217af62e
-
SHA1
9253c2e0c30b7279fe6cf6a052b55b2b43ee2f84
-
SHA256
e5379ed6dfd3130a49dcddcdddec6b21c7f90d7dee15fc9219e7ccaa0fad87d4
-
SHA512
8d5af1af21e4a24d5546515d9f2af5a51598de7e5e335e139c38f5f426fdb0359dabb00ea6e0d0b84846781be553a8ab234b1b6c9cdf429100569101ba055fcc
-
SSDEEP
12288:n0FWRGqrviIa4un1WnkOJz2CFBsZX/STM3f7rUuWe+UmXELXSLbFUhNl7T7R+UtU:MunKIaNAnkOEKBslQU8ELitm/DtVy
Score10/10-
Troldesh, Shade, Encoder.858
Troldesh is a ransomware spread by malspam.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies Installed Components in the registry
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-