troldesh | 39cb7fa1e919f2a5331938260bebdb0138a5302f4673e5effb3127ac4d03b25f | Triage

Submit
Reports

Overview

overview

Static

static

3

9ecfb4b645...18.exe

windows7-x64

9ecfb4b645...18.exe

windows10-2004-x64

Sharing

General

Target

9ecfb4b645486c9dbd180fe675ad99fd_JaffaCakes118
Size

965KB
Sample

240611-tzxxestekq
MD5

9ecfb4b645486c9dbd180fe675ad99fd
SHA1

7386befa8d978c3c8d445421a1b49803ad4ae0c8
SHA256

39cb7fa1e919f2a5331938260bebdb0138a5302f4673e5effb3127ac4d03b25f
SHA512

bdbeedfb35f9b2719841fbdf2ee5893cc03a111fc6b8cfe397d766d4cf7d3f34d80caf2ea640c4d31f2fc8ba787edd42c7361825fd3662fb9acf5dce7d9c72a4
SSDEEP

24576:qlUyTJTwWj1PUeC4ttGV05XknQoh6kfPQL7SsiDVABe:qCyTJ78EtGW5DHYx5DVABe

Score

10^/10

troldesh persistence ransomware trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9ecfb4b645486c9dbd180fe675ad99fd_JaffaCakes118.exe

Resource

win7-20240419-en

troldesh persistence ransomware trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

9ecfb4b645486c9dbd180fe675ad99fd_JaffaCakes118.exe

Resource

win10v2004-20240508-en

troldesh persistence ransomware trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  9ecfb4b645486c9dbd180fe675ad99fd_JaffaCakes118
- Size
  
  965KB
- MD5
  
  9ecfb4b645486c9dbd180fe675ad99fd
- SHA1
  
  7386befa8d978c3c8d445421a1b49803ad4ae0c8
- SHA256
  
  39cb7fa1e919f2a5331938260bebdb0138a5302f4673e5effb3127ac4d03b25f
- SHA512
  
  bdbeedfb35f9b2719841fbdf2ee5893cc03a111fc6b8cfe397d766d4cf7d3f34d80caf2ea640c4d31f2fc8ba787edd42c7361825fd3662fb9acf5dce7d9c72a4
- SSDEEP
  
  24576:qlUyTJTwWj1PUeC4ttGV05XknQoh6kfPQL7SsiDVABe:qCyTJ78EtGW5DHYx5DVABe
Score

10^/10

troldesh persistence ransomware trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

troldeshpersistenceransomwaretrojanupx

behavioral2

troldeshpersistenceransomwaretrojanupx

© 2018-2024

Terms | Privacy