troldesh | 8656b52d40b59f87e30a61e4e85ba972c9b0f7930dac55703c9d6bee27132027 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

Screenshot...PM.png

windows11-21h2-x64

Sharing

General

Target

Screenshot 2024-05-08 1.31.48 PM.png
Size

47KB
Sample

240508-2qmzvsbf61
MD5

00119d3efafc6723d916e54e7d5b9068
SHA1

4aae6859b53182dd9b86fa9a0b61e4a730a7b085
SHA256

8656b52d40b59f87e30a61e4e85ba972c9b0f7930dac55703c9d6bee27132027
SHA512

56e38c7dac4e984c9211d523f39f9c540423565e230b6a444d28af57877838ff8b9cfce86cc64b2f2e9626b792b0b84e43741ff8caeb93f7b7fc1ee8b241a885
SSDEEP

768:zXl7M42waZLQY5ebHzYkKxxCymmPFxcKiQ2BFVzJQNLQJo5CVojFww4FlVh2kPVd:7lMLLQY5e4tmmP0VXVnV2FX4zVtP3

Score

10^/10

troldesh bootkit persistence ransomware trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Screenshot 2024-05-08 1.31.48 PM.png

Resource

win11-20240419-en

troldesh bootkit persistence ransomware trojan upx

windows11-21h2-x64

20 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Screenshot 2024-05-08 1.31.48 PM.png
- Size
  
  47KB
- MD5
  
  00119d3efafc6723d916e54e7d5b9068
- SHA1
  
  4aae6859b53182dd9b86fa9a0b61e4a730a7b085
- SHA256
  
  8656b52d40b59f87e30a61e4e85ba972c9b0f7930dac55703c9d6bee27132027
- SHA512
  
  56e38c7dac4e984c9211d523f39f9c540423565e230b6a444d28af57877838ff8b9cfce86cc64b2f2e9626b792b0b84e43741ff8caeb93f7b7fc1ee8b241a885
- SSDEEP
  
  768:zXl7M42waZLQY5ebHzYkKxxCymmPFxcKiQ2BFVzJQNLQJo5CVojFww4FlVh2kPVd:7lMLLQY5e4tmmP0VXVnV2FX4zVtP3
Score

10^/10

troldesh bootkit persistence ransomware trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

troldeshbootkitpersistenceransomwaretrojanupx

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.