troldesh | 5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7 | Triage

Submit
Reports

Overview

overview

Static

static

3

Endermanch...om.exe

windows11-21h2-x64

Sharing

General

Target

NoMoreRansom.zip
Size

916KB
Sample

240915-lqgj3sxhkn
MD5

f315e49d46914e3989a160bbcfc5de85
SHA1

99654bfeaad090d95deef3a2e9d5d021d2dc5f63
SHA256

5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7
SHA512

224747b15d0713afcb2641f8f3aa1687516d42e045d456b3ed096a42757a6c10c6626672366c9b632349cf6ffe41011724e6f4b684837de9b719d0f351dfd22e
SSDEEP

24576:+FhIdZxByAl+XiqNk6n3DaeCTLD1yilc7KrBVw1lFVFDqE/zQRsAOfySS:AhAgo2ikhryLD1hcerklFVhqEMiAuySS

Score

10^/10

troldesh discovery persistence ransomware trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

[email protected]

Resource

win11-20240802-en

troldesh discovery persistence ransomware trojan upx

windows11-21h2-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  [email protected]
- Size
  
  1.4MB
- MD5
  
  63210f8f1dde6c40a7f3643ccf0ff313
- SHA1
  
  57edd72391d710d71bead504d44389d0462ccec9
- SHA256
  
  2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f
- SHA512
  
  87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11
- SSDEEP
  
  12288:WZgSKWk54jeg6lL5assQHtzV2KoLJ+PwXxwuLSJ8slf1zMr6iL/KNDx2PIXe2Q:KgoLetlLS8tz6V+PwD0XVMrXCNDxtK
Score

10^/10

troldesh discovery persistence ransomware trojan upx
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

troldeshdiscoverypersistenceransomwaretrojanupx

© 2018-2024

Terms | Privacy