Overview

overview

10

Static

static

3

9ecfb4b645...18.exe

windows7-x64

10

9ecfb4b645...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9ecfb4b645486c9dbd180fe675ad99fd_JaffaCakes118

  • Size

    965KB

  • Sample

    240611-tzxxestekq

  • MD5

    9ecfb4b645486c9dbd180fe675ad99fd

  • SHA1

    7386befa8d978c3c8d445421a1b49803ad4ae0c8

  • SHA256

    39cb7fa1e919f2a5331938260bebdb0138a5302f4673e5effb3127ac4d03b25f

  • SHA512

    bdbeedfb35f9b2719841fbdf2ee5893cc03a111fc6b8cfe397d766d4cf7d3f34d80caf2ea640c4d31f2fc8ba787edd42c7361825fd3662fb9acf5dce7d9c72a4

  • SSDEEP

    24576:qlUyTJTwWj1PUeC4ttGV05XknQoh6kfPQL7SsiDVABe:qCyTJ78EtGW5DHYx5DVABe

Score
10/10
troldeshpersistenceransomwaretrojanupx

Malware Config

Targets

    • Target

      9ecfb4b645486c9dbd180fe675ad99fd_JaffaCakes118

    • Size

      965KB

    • MD5

      9ecfb4b645486c9dbd180fe675ad99fd

    • SHA1

      7386befa8d978c3c8d445421a1b49803ad4ae0c8

    • SHA256

      39cb7fa1e919f2a5331938260bebdb0138a5302f4673e5effb3127ac4d03b25f

    • SHA512

      bdbeedfb35f9b2719841fbdf2ee5893cc03a111fc6b8cfe397d766d4cf7d3f34d80caf2ea640c4d31f2fc8ba787edd42c7361825fd3662fb9acf5dce7d9c72a4

    • SSDEEP

      24576:qlUyTJTwWj1PUeC4ttGV05XknQoh6kfPQL7SsiDVABe:qCyTJ78EtGW5DHYx5DVABe

    Score
    10/10
    troldeshpersistenceransomwaretrojanupx

    • Troldesh, Shade, Encoder.858

      Troldesh is a ransomware spread by malspam.

      ransomwaretrojantroldesh

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks