Overview

overview

10

Static

static

3

Chew7.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Chew7.exe

  • Size

    4.6MB

  • Sample

    240824-atzdhswcjh

  • MD5

    7b232997942b2a5c7e4dbe931bb4c67c

  • SHA1

    06c6d3b5b66585f03bab25c774baadb575cb1515

  • SHA256

    0a88faa27484c7c163bc90fbf806a9dab84226c2f60f3410695278ee76d065f5

  • SHA512

    1959f3334af0061fac523e31fb030d77c13696977cc151453ca0546cc624d234b2198d141e61d597e0d3c2ff3068ad8f3d732dd477a5b535ccd56dd953588412

  • SSDEEP

    98304:6BkL7VOQCsDdOmYglo4Y14pygKq7VOQCsDdOmYglo4Y14pygK:6OLPLDVYglq1pqPLDVYglq1p

Score
10/10
troldeshdiscoverypersistenceransomwaretrojanupx

Malware Config

Targets

    • Target

      Chew7.exe

    • Size

      4.6MB

    • MD5

      7b232997942b2a5c7e4dbe931bb4c67c

    • SHA1

      06c6d3b5b66585f03bab25c774baadb575cb1515

    • SHA256

      0a88faa27484c7c163bc90fbf806a9dab84226c2f60f3410695278ee76d065f5

    • SHA512

      1959f3334af0061fac523e31fb030d77c13696977cc151453ca0546cc624d234b2198d141e61d597e0d3c2ff3068ad8f3d732dd477a5b535ccd56dd953588412

    • SSDEEP

      98304:6BkL7VOQCsDdOmYglo4Y14pygKq7VOQCsDdOmYglo4Y14pygK:6OLPLDVYglq1pqPLDVYglq1p

    Score
    10/10
    troldeshdiscoverypersistenceransomwaretrojanupx

    • Troldesh, Shade, Encoder.858

      Troldesh is a ransomware spread by malspam.

      ransomwaretrojantroldesh

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks