General
-
Target
http://google.com
-
Sample
241104-s68rtsscrc
Score
10/10
Malware Config
Targets
-
-
Target
http://google.com
Score10/10-
Modifies visibility of file extensions in Explorer
-
Troldesh family
-
Troldesh, Shade, Encoder.858
Troldesh is a ransomware spread by malspam.
-
UAC bypass
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
4Subvert Trust Controls
1SIP and Trust Provider Hijacking
1