troldesh | 2656b3bed5bed61f95dd140fbc74a6768e99a548f988411ed2bdb3b9a158bb51 | Triage

Submit
Reports

Overview

overview

Static

static

3

de8a03cda2...18.exe

windows7-x64

de8a03cda2...18.exe

windows10-2004-x64

Sharing

General

Target

de8a03cda24007751d76f6db55b8a14b_JaffaCakes118
Size

957KB
Sample

240913-vm1yzsyfpb
MD5

de8a03cda24007751d76f6db55b8a14b
SHA1

fa117e501780dd846f52b7317d040c5625046e08
SHA256

2656b3bed5bed61f95dd140fbc74a6768e99a548f988411ed2bdb3b9a158bb51
SHA512

3c7b371b90eed92db9793d3814b517e3c6dcdd1797b77db253d6668b26a6cabacc70cae9bb9dda803c542463c266afa5546ec2102fdb84b0ec495a2cd5e722f7
SSDEEP

24576:8a1UfIsnPQpBMQtURHxlqi5edeoBRkmb:8a1YIGoBMpKi5ed7x

Score

10^/10

troldesh discovery persistence ransomware trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

de8a03cda24007751d76f6db55b8a14b_JaffaCakes118.exe

Resource

win7-20240903-en

troldesh discovery persistence ransomware trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

de8a03cda24007751d76f6db55b8a14b_JaffaCakes118.exe

Resource

win10v2004-20240802-en

troldesh discovery persistence ransomware trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  de8a03cda24007751d76f6db55b8a14b_JaffaCakes118
- Size
  
  957KB
- MD5
  
  de8a03cda24007751d76f6db55b8a14b
- SHA1
  
  fa117e501780dd846f52b7317d040c5625046e08
- SHA256
  
  2656b3bed5bed61f95dd140fbc74a6768e99a548f988411ed2bdb3b9a158bb51
- SHA512
  
  3c7b371b90eed92db9793d3814b517e3c6dcdd1797b77db253d6668b26a6cabacc70cae9bb9dda803c542463c266afa5546ec2102fdb84b0ec495a2cd5e722f7
- SSDEEP
  
  24576:8a1UfIsnPQpBMQtURHxlqi5edeoBRkmb:8a1YIGoBMpKi5ed7x
Score

10^/10

troldesh discovery persistence ransomware trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

troldeshdiscoverypersistenceransomwaretrojanupx

behavioral2

troldeshdiscoverypersistenceransomwaretrojanupx

© 2018-2024

Terms | Privacy