General

  • Target

    caa1e28ce7dd5960e3dd91f327484e0a3f5da6493b6536617659caf94c54e583N

  • Size

    924KB

  • Sample

    240930-lgfw7axfmj

  • MD5

    c2293c2be588a6b531c2ced3ad90e880

  • SHA1

    8d85fb7fbeea7d1eb433f4e1c18d0e6d8072a44f

  • SHA256

    caa1e28ce7dd5960e3dd91f327484e0a3f5da6493b6536617659caf94c54e583

  • SHA512

    c3c933858f62aef610584fcf7ade1f4e8db21d4fe6d5130cfa12aeef816b663d8182add8cb2691e59efa7829d99057f4a633203e60e6a06cf2573b929fb7d77d

  • SSDEEP

    24576:B8ue3jad03YB+qJS92fAx3xHHn4mu9o/9ult:+uBd6YB+qJS92fAbHIbr

Malware Config

Targets

    • Target

      caa1e28ce7dd5960e3dd91f327484e0a3f5da6493b6536617659caf94c54e583N (924KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)

    • Troldesh, Shade, Encoder.858

      Troldesh is a ransomware spread by malspam.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      3e6bf00b3ac976122f982ae2aadb1c51

    • SHA1

      caab188f7fdc84d3fdcb2922edeeb5ed576bd31d

    • SHA256

      4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe

    • SHA512

      1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

    • SSDEEP

      192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      dbdbf4017ff91c9de328697b5fd2e10a

    • SHA1

      b597a5e9a8a0b252770933feed51169b5060a09f

    • SHA256

      be60a00f32924ccbe03f9914e33b8e1ad8c8a1ca442263a69896efba74925b36

    • SHA512

      3befc15aab0a5dbe7fde96155b0499d385f2799b1a2d47ce04f37b5804006b1c6c4fff93d3cedb56a2a8172b23752b6f9dc6168cfce3596b91def3247836cf10

    • SSDEEP

      96:33YnIxFkDUGZpKSmktse3GpmD8pevbE9cxSgB5PKtAtYE9v5E9KntrmfVEB3YdkS:33YIvGZDdtP8pevbg0PuAYK56NyoIFI

    Score
    3/10
    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      fa299e199922b3ba833be655a8d71b75

    • SHA1

      4d74c53bb6927a2831df93af26f3e4e4fb007797

    • SHA256

      49a6a1c1f19574b2a247ce6c5adc0751e046d27c30912816ba415f871b74ae5d

    • SHA512

      7ceb64d3d826762994c48ffad3ad2234410cbcdbedfce9a2dc03d18915ce22d687173f90e954d7bdb0eae76954c360059ad761aedc48cd7fa4ec29d6094f6a65

    • SSDEEP

      96:v7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkNO38:4N8KgWAuLWxD8ZAGgmkN

    Score
    3/10
    • Target

      features1395955115.html

    • Size

      4KB

    • MD5

      6bab5fd1b042b8acbe208494282645d9

    • SHA1

      80a768b7ec6777c189a0d3dd67d120836e1c0aab

    • SHA256

      56d1d8d34e6b0d628e5af62578d4949543035d4abd884b7d15b701443cf83b1c

    • SHA512

      45932ec27e5a1b73236782f767bd65af05d46f34e4804af35f555643d9771e2fd9041d81d1aa3cf0d1d1aa8e2a209f92f9e9217097f3a6b2177499d9e62f9549

    • SSDEEP

      96:v7mMg9WzsKep6qImvzqmCwF85/NEQaJr5CKWMkKkdpyuSWzNlAKb:DfgswKWvFqEDJ7QXzNlLb

    Score
    3/10
    • Target

      help1852830420.html

    • Size

      4KB

    • MD5

      0f74796a006171d37a5fbed5592861c9

    • SHA1

      e34c3185ec68406553a54c4850bebbe372909fc7

    • SHA256

      fcca3b63ad3eb122fe97cf4219d99d4b389f16ac3006dea0377855a65f52afc2

    • SHA512

      2b485b85722bba4ef8ca71934a8d96564feff3167dcf848266189106a3f0f559c55680f432650547c48928fcec419cb7b18466b47f5f0429396da112567d98b6

    • SSDEEP

      96:v7mMg9X11cep6qIVXvzimCwF05RmXHyM4zG+KcblPUW//NgHk43G5zNlAKb:DfgGWeFFSnTeelgkIYzNlLb

    Score
    3/10
    • Target

      uninst.exe

    • Size

      76KB

    • MD5

      ccbddf9548a855dcd00098e2df712d49

    • SHA1

      cc15fcc786305b2b485abcf446cfccec588c4ecf

    • SHA256

      335bf51b6a580010dd0a1c8c69f6a663c65ee92f7d7b2cb4681b11f61d94d699

    • SHA512

      c23194c6f1108eb12122ae4df38ef28409baa9a552b97b6deb28c02a9b6950a004d32747af2bfe5ed8e5028dcdf24ed26b93f5d584eb53ef111642444ab57b6d

    • SSDEEP

      1536:ujoUxZbE+HOI66qkryz9zIAg0ercMpP1D3UNPMOIf:udxNE+Hb+eyz9zIApkyPAf

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/System.dll, $PLUGINSDIR/nsDialogs.dll, $PLUGINSDIR/nsExec.dll (listed again after uninst.exe; sizes and MD5/SHA1/SHA256/SHA512/SSDEEP values identical to the three $PLUGINSDIR entries above)

    Score
    3/10
    • Target

      us4-api

    • Size

      14KB

    • MD5

      d39c07af300ca02c8599d3031cca6a8d

    • SHA1

      565f7359aa83613e246903522f9ce0769035c80f

    • SHA256

      c0c350d8cef210778abeac5c0d0e5a18e3a67dd36107b113bf24e1ee99264ed2

    • SHA512

      ac45b782698b5a337aedd7e77e36f010bb5b4d2a2cad9d996dfa9ebc828ddd20366845dd14da08932c3453013267c6d115ab51c85cdfe08859d051773b8845f9

    • SSDEEP

      192:PKXCdiEmWIAsixCJGDkQgdg9beyZtu6QleLBDMSKid3m1FY07jfA:yyRmNA5aGDf8gEiTZwHYSfA

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

troldesh defense_evasion discovery execution impact persistence ransomware trojan upx
Score
10/10

behavioral2

discovery
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
7/10

behavioral14

discovery
Score
7/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

Score
1/10