Overview

overview

10

Static

static

1

music-note...0.webp

windows7-x64

3

music-note...0.webp

windows10-2004-x64

Resubmissions

04-08-2024 08:00

240804-jwfhvsvcpc 3

04-08-2024 07:57

240804-jte5bazfrl 6

04-08-2024 07:46

240804-jmc2dazekk 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    music-note-1275650_960_720.webp

  • Size

    7KB

  • Sample

    240804-jmc2dazekk

  • MD5

    866f908684d6f1d93f2c8efd1b065a58

  • SHA1

    ba5e7051fa2a8273c5cd397b1131b5deed98e089

  • SHA256

    e1838e460e19fe98e9cc54bb694e491cc2f4b37ab06e3ea1f7540a0262a82189

  • SHA512

    353811cffa56ae87937ba5ba52431088554240f508fc0a452fa59b8fe01438699ed28ae1943e9f7564c84eead208f6be9d7b04afb1eb1128640d46ef4e95a07a

  • SSDEEP

    192:rhx7CtG7VryH5F+W2DFhIHILq9hPS/SlzZ:rX7EGRr+IWGhPq95OC

Score
10/10
troldeshdiscoveryevasionpersistenceransomwaretrojanupx

Malware Config

Targets

    • Target

      music-note-1275650_960_720.webp

    • Size

      7KB

    • MD5

      866f908684d6f1d93f2c8efd1b065a58

    • SHA1

      ba5e7051fa2a8273c5cd397b1131b5deed98e089

    • SHA256

      e1838e460e19fe98e9cc54bb694e491cc2f4b37ab06e3ea1f7540a0262a82189

    • SHA512

      353811cffa56ae87937ba5ba52431088554240f508fc0a452fa59b8fe01438699ed28ae1943e9f7564c84eead208f6be9d7b04afb1eb1128640d46ef4e95a07a

    • SSDEEP

      192:rhx7CtG7VryH5F+W2DFhIHILq9hPS/SlzZ:rX7EGRr+IWGhPq95OC

    Score
    10/10
    discoverytroldeshevasionpersistenceransomwaretrojanupx

    • Troldesh, Shade, Encoder.858

      Troldesh is a ransomware spread by malspam.

      ransomwaretrojantroldesh

    • Disables Task Manager via registry modification

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks