General

  • Target

    NoMoreRansom.zip

  • Size

    916KB

  • Sample

    241205-r4qb2aypbw

  • MD5

    f315e49d46914e3989a160bbcfc5de85

  • SHA1

    99654bfeaad090d95deef3a2e9d5d021d2dc5f63

  • SHA256

    5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7

  • SHA512

    224747b15d0713afcb2641f8f3aa1687516d42e045d456b3ed096a42757a6c10c6626672366c9b632349cf6ffe41011724e6f4b684837de9b719d0f351dfd22e

  • SSDEEP

    24576:+FhIdZxByAl+XiqNk6n3DaeCTLD1yilc7KrBVw1lFVFDqE/zQRsAOfySS:AhAgo2ikhryLD1hcerklFVhqEMiAuySS

Malware Config

Targets

    • Target

      NoMoreRansom.zip

    • Size

      916KB

    • MD5

      f315e49d46914e3989a160bbcfc5de85

    • SHA1

      99654bfeaad090d95deef3a2e9d5d021d2dc5f63

    • SHA256

      5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7

    • SHA512

      224747b15d0713afcb2641f8f3aa1687516d42e045d456b3ed096a42757a6c10c6626672366c9b632349cf6ffe41011724e6f4b684837de9b719d0f351dfd22e

    • SSDEEP

      24576:+FhIdZxByAl+XiqNk6n3DaeCTLD1yilc7KrBVw1lFVFDqE/zQRsAOfySS:AhAgo2ikhryLD1hcerklFVhqEMiAuySS

    • Troldesh family

    • Troldesh, Shade, Encoder.858

      Troldesh is a ransomware spread by malspam.

    • Executes dropped EXE

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks