General

  • Target

  • Size

    1.4MB

  • Sample

    240724-2te4esvfja

  • MD5

    a8f847d3f2d2e79599884ec078cbbd8e

  • SHA1

    1b5c86c5e1352bda849e0ac6e16872a7eb46e931

  • SHA256

    1f0399899fa16b89773167d87b10d2add2364e2ad9a1e32da537220ad0253c50

  • SHA512

    1e6117708cb7dee60f2dfb0d1687a52d65e7c8632d35fab305a999d281cf0ab17c252828556526753c4e8bff2d5bb7a1dfb10d91f2c8ee75dc6a3b87e8d273ab

  • SSDEEP

    12288:WZgSKWk54jeg6lL5assQHtzV2KoLJ+PwXxwuLSJ8slf1zMr6iL/KNDx2PIXe2Q:KgoLetlLS8tz6V+PwD0XVMrXCNDxtK

Malware Config

Targets

    • Target

    • Size

      1.4MB

    • MD5

      a8f847d3f2d2e79599884ec078cbbd8e

    • SHA1

      1b5c86c5e1352bda849e0ac6e16872a7eb46e931

    • SHA256

      1f0399899fa16b89773167d87b10d2add2364e2ad9a1e32da537220ad0253c50

    • SHA512

      1e6117708cb7dee60f2dfb0d1687a52d65e7c8632d35fab305a999d281cf0ab17c252828556526753c4e8bff2d5bb7a1dfb10d91f2c8ee75dc6a3b87e8d273ab

    • SSDEEP

      12288:WZgSKWk54jeg6lL5assQHtzV2KoLJ+PwXxwuLSJ8slf1zMr6iL/KNDx2PIXe2Q:KgoLetlLS8tz6V+PwD0XVMrXCNDxtK

    • Troldesh, Shade, Encoder.858

      Troldesh is a ransomware spread by malspam.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks