troldesh | 03393a11aa1e7181da6f87842ebfac11c1b61bcb46b5b9439e852fa217f4fcd1

Sharing

Copy URL

Twitter E-mail

General

Target

28d5cae120eb97ac6e08c6a1edc8cf11_JaffaCakes118
Size

895KB
Sample

240509-ht8wysfb6x
MD5

28d5cae120eb97ac6e08c6a1edc8cf11
SHA1

04a6c0c5ea7eaebddccfeb9addf7afa783f7b613
SHA256

03393a11aa1e7181da6f87842ebfac11c1b61bcb46b5b9439e852fa217f4fcd1
SHA512

fd29fa2a73f5ea6851a8ee7a2c49c070b8c3a6b8cfe373aeea9a67f408b5ecff1a2062557f167001e0070f297238323f0afdca9fe002c52fd321632d2f9bbc32
SSDEEP

24576:6ulGEbLgBhrWwKrYUfexiRFU9q51c7vHITEACj:6udg46iRFUWyroc

Score

10^/10

Malware Config

Targets

- Target
  
  28d5cae120eb97ac6e08c6a1edc8cf11_JaffaCakes118
- Size
  
  895KB
- MD5
  
  28d5cae120eb97ac6e08c6a1edc8cf11
- SHA1
  
  04a6c0c5ea7eaebddccfeb9addf7afa783f7b613
- SHA256
  
  03393a11aa1e7181da6f87842ebfac11c1b61bcb46b5b9439e852fa217f4fcd1
- SHA512
  
  fd29fa2a73f5ea6851a8ee7a2c49c070b8c3a6b8cfe373aeea9a67f408b5ecff1a2062557f167001e0070f297238323f0afdca9fe002c52fd321632d2f9bbc32
- SSDEEP
  
  24576:6ulGEbLgBhrWwKrYUfexiRFU9q51c7vHITEACj:6udg46iRFUWyroc
Score

10^/10

troldesh persistence ransomware trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  3e6bf00b3ac976122f982ae2aadb1c51
- SHA1
  
  caab188f7fdc84d3fdcb2922edeeb5ed576bd31d
- SHA256
  
  4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe
- SHA512
  
  1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706
- SSDEEP
  
  192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb
Score

3^/10
behavioral3 behavioral4
- Target
  
  chrome563036112.html
- Size
  
  2KB
- MD5
  
  c0e63dfcdb0d83e094482a3674d4fb8d
- SHA1
  
  be928178dd9dc26dc648060eae7f34754430b2ab
- SHA256
  
  fc9eace9f611eebcaa9724441d21b57c09edc6a0bc72e8c467283e62dae482f8
- SHA512
  
  46a82ab801f0802c368a6de833a7eb9ac8bd2cd750d8741025e3599ae8d9d60cd70a3b5acbdc1cae7c90e394191c7b95d69c7026b96129b666869a1c4f9fcf2f
Score

1^/10
behavioral5 behavioral6
- Target
  
  status.js.php
- Size
  
  2KB
- MD5
  
  b3c0a48062237ff9dc6cfc7032b3de6f
- SHA1
  
  99116a8252b90752145e62ae210bc9d9f308d466
- SHA256
  
  04d8b53e59adc1efc91754fcbfa956cfa05b988a9a57c7dfffdcb787fbe5ea22
- SHA512
  
  22b0082617ad00d5e30983c65069f3aeaa8ff5d03ce9cf2081703342b810e79dff4413655a95fc2736583be0177caafbd5d369354b8fa24540fc3fb0b8dfa8f6
Score

3^/10

execution
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Troldesh, Shade, Encoder.858

Loads dropped DLL

UPX packed file

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8