Overview

overview

10

Static

static

3

730f9c3e99...18.exe

windows7-x64

10

730f9c3e99...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    730f9c3e99beda425754493c32dc3b2b_JaffaCakes118

  • Size

    1006KB

  • Sample

    240525-yj2ynage74

  • MD5

    730f9c3e99beda425754493c32dc3b2b

  • SHA1

    8b9f609fa7742e0d7fe59ae9db28b63ba6df90d9

  • SHA256

    de3b218ae82c286412030f12c5643bc9583816635e9b094127ae9132886faa1a

  • SHA512

    3aa7c7819acdb7daddd3863a9c4f5a093d2c55ceac850a552505a1665a36f54b387d2b80d9d86b31251eb2c14454baaaa424c307d98368740f490878066f9a01

  • SSDEEP

    24576:ymgj4I9Ihi1S3oYmsTSg82hDHWITec+Csu:t/l3olg80HLua

Score
10/10
troldeshpersistenceransomwaretrojanupx

Malware Config

Targets

    • Target

      730f9c3e99beda425754493c32dc3b2b_JaffaCakes118

    • Size

      1006KB

    • MD5

      730f9c3e99beda425754493c32dc3b2b

    • SHA1

      8b9f609fa7742e0d7fe59ae9db28b63ba6df90d9

    • SHA256

      de3b218ae82c286412030f12c5643bc9583816635e9b094127ae9132886faa1a

    • SHA512

      3aa7c7819acdb7daddd3863a9c4f5a093d2c55ceac850a552505a1665a36f54b387d2b80d9d86b31251eb2c14454baaaa424c307d98368740f490878066f9a01

    • SSDEEP

      24576:ymgj4I9Ihi1S3oYmsTSg82hDHWITec+Csu:t/l3olg80HLua

    Score
    10/10
    troldeshpersistenceransomwaretrojanupx

    • Troldesh, Shade, Encoder.858

      Troldesh is a ransomware spread by malspam.

      ransomwaretrojantroldesh

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks