Overview

overview

10

Static

static

3

40fd4f01be...18.exe

windows7-x64

10

40fd4f01be...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    40fd4f01be2d45e14c8733f4c5f4a1dc_JaffaCakes118

  • Size

    904KB

  • Sample

    241013-vcq12axapd

  • MD5

    40fd4f01be2d45e14c8733f4c5f4a1dc

  • SHA1

    72859d488217be29e63616bb0d665be12c50b2ef

  • SHA256

    748703a2e8f07c912e586c0444ccf64038f0a6ec3986193b086daf43f795b8f4

  • SHA512

    e0cbea46a841d06fce745369280d3b78d7c1bf812698c681175ecc6da58d9b043cadd03a11a60a9ccc2a0c6c618e839aae9766fd0731de6051a3bc4d91504bfa

  • SSDEEP

    24576:KIJdwOpfgs+/NpxT8eZ/dhWUwqizeNGloqIPjN:KIJ+sm/Npt8eZzN5PjN

Score
10/10
troldeshdiscoverypersistenceransomwaretrojanupx

Malware Config

Targets

    • Target

      40fd4f01be2d45e14c8733f4c5f4a1dc_JaffaCakes118

    • Size

      904KB

    • MD5

      40fd4f01be2d45e14c8733f4c5f4a1dc

    • SHA1

      72859d488217be29e63616bb0d665be12c50b2ef

    • SHA256

      748703a2e8f07c912e586c0444ccf64038f0a6ec3986193b086daf43f795b8f4

    • SHA512

      e0cbea46a841d06fce745369280d3b78d7c1bf812698c681175ecc6da58d9b043cadd03a11a60a9ccc2a0c6c618e839aae9766fd0731de6051a3bc4d91504bfa

    • SSDEEP

      24576:KIJdwOpfgs+/NpxT8eZ/dhWUwqizeNGloqIPjN:KIJ+sm/Npt8eZzN5PjN

    Score
    10/10
    troldeshdiscoverypersistenceransomwaretrojanupx

    • Troldesh, Shade, Encoder.858

      Troldesh is a ransomware spread by malspam.

      ransomwaretrojantroldesh

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks