troldesh | 1f0399899fa16b89773167d87b10d2add2364e2ad9a1e32da537220ad0253c50 | Triage

Submit
Reports

Overview

overview

Static

static

3

1f0399899f...50.exe

windows7-x64

1f0399899f...50.exe

windows10-2004-x64

Sharing

General

Target

1f0399899fa16b89773167d87b10d2add2364e2ad9a1e32da537220ad0253c50.exe
Size

1.4MB
Sample

240725-vj7blawdpb
MD5

a8f847d3f2d2e79599884ec078cbbd8e
SHA1

1b5c86c5e1352bda849e0ac6e16872a7eb46e931
SHA256

1f0399899fa16b89773167d87b10d2add2364e2ad9a1e32da537220ad0253c50
SHA512

1e6117708cb7dee60f2dfb0d1687a52d65e7c8632d35fab305a999d281cf0ab17c252828556526753c4e8bff2d5bb7a1dfb10d91f2c8ee75dc6a3b87e8d273ab
SSDEEP

12288:WZgSKWk54jeg6lL5assQHtzV2KoLJ+PwXxwuLSJ8slf1zMr6iL/KNDx2PIXe2Q:KgoLetlLS8tz6V+PwD0XVMrXCNDxtK

Score

10^/10

troldesh aspackv2 discovery persistence ransomware trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1f0399899fa16b89773167d87b10d2add2364e2ad9a1e32da537220ad0253c50.exe

Resource

win7-20240708-en

troldesh aspackv2 discovery persistence ransomware trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

1f0399899fa16b89773167d87b10d2add2364e2ad9a1e32da537220ad0253c50.exe

Resource

win10v2004-20240709-en

troldesh aspackv2 discovery persistence ransomware trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  1f0399899fa16b89773167d87b10d2add2364e2ad9a1e32da537220ad0253c50.exe
- Size
  
  1.4MB
- MD5
  
  a8f847d3f2d2e79599884ec078cbbd8e
- SHA1
  
  1b5c86c5e1352bda849e0ac6e16872a7eb46e931
- SHA256
  
  1f0399899fa16b89773167d87b10d2add2364e2ad9a1e32da537220ad0253c50
- SHA512
  
  1e6117708cb7dee60f2dfb0d1687a52d65e7c8632d35fab305a999d281cf0ab17c252828556526753c4e8bff2d5bb7a1dfb10d91f2c8ee75dc6a3b87e8d273ab
- SSDEEP
  
  12288:WZgSKWk54jeg6lL5assQHtzV2KoLJ+PwXxwuLSJ8slf1zMr6iL/KNDx2PIXe2Q:KgoLetlLS8tz6V+PwD0XVMrXCNDxtK
Score

10^/10

troldesh aspackv2 discovery persistence ransomware trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

troldeshaspackv2discoverypersistenceransomwaretrojanupx

behavioral2

troldeshaspackv2discoverypersistenceransomwaretrojanupx

© 2018-2024

Terms | Privacy