troldesh | ca4727bd4e0147e0218ade8603dd6dca3c2d71dd800d4b65457528e944fc74b8

Sharing

Copy URL

Twitter E-mail

General

Target

e7843fdfa17a9fb7600832f383185c3f_JaffaCakes118
Size

904KB
Sample

241212-v7gqvatlej
MD5

e7843fdfa17a9fb7600832f383185c3f
SHA1

dfe099d2d4c38ff39c822a16338e0e788d73396d
SHA256

ca4727bd4e0147e0218ade8603dd6dca3c2d71dd800d4b65457528e944fc74b8
SHA512

f6b02eea25c69f1cdc31972dc809d280288e5dcf7e979f2495895cd3e65b51ef46162a9232722ef4c46a9542eac58149665bed0cea43f7de786f58425d301b8e
SSDEEP

24576:V2bXXSHpBrJ/xMJDtULCTTyU6QitIrzxqUTKv:c2rJ5OeyMQp80o

Score

10^/10

Malware Config

Targets

- Target
  
  e7843fdfa17a9fb7600832f383185c3f_JaffaCakes118
- Size
  
  904KB
- MD5
  
  e7843fdfa17a9fb7600832f383185c3f
- SHA1
  
  dfe099d2d4c38ff39c822a16338e0e788d73396d
- SHA256
  
  ca4727bd4e0147e0218ade8603dd6dca3c2d71dd800d4b65457528e944fc74b8
- SHA512
  
  f6b02eea25c69f1cdc31972dc809d280288e5dcf7e979f2495895cd3e65b51ef46162a9232722ef4c46a9542eac58149665bed0cea43f7de786f58425d301b8e
- SSDEEP
  
  24576:V2bXXSHpBrJ/xMJDtULCTTyU6QitIrzxqUTKv:c2rJ5OeyMQp80o
Score

10^/10

troldesh discovery persistence ransomware trojan upx
- Troldesh family
  troldesh
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  5b3edb39fe9c026322caf37ea10f6733
- SHA1
  
  3caf8b5b38feb87bfeb0e01e59d4e36f110c9e9e
- SHA256
  
  a96b1c95f51b088ed5ec476485a6aa562cbe68a88d0261ce88bcb3dca1f1c8b0
- SHA512
  
  7930e12c72744c9cf5e2f9b93236526289ed3f9773b92c865228ad33ab45d64e73ee5604a74e49630e066d802a5ca4602d4b986131d267ce17a8ce5d3b5f054c
- SSDEEP
  
  384:EfC43tPegZ3eBaRwCPOYY7nNYXC7/Yosa:EKTgZ3eBTCmrnNAh
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  a4dd044bcd94e9b3370ccf095b31f896
- SHA1
  
  17c78201323ab2095bc53184aa8267c9187d5173
- SHA256
  
  2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc
- SHA512
  
  87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a
- SSDEEP
  
  192:em24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlESl:m8QIl975eXqlWBrz7YLOlE
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  EZView-1.9-uninst.exe
- Size
  
  53KB
- MD5
  
  462b7739861882c64ee2cac62a6502b8
- SHA1
  
  43cd0f1e3aa288f2586861ce74c2b0acf002ed76
- SHA256
  
  31d25ea3fac5e20b7dc60a9924e7cf212f58ed13cc355ca765b4085b0625f396
- SHA512
  
  43c7d71b7b2bd14a0f83b6372f8dc4e992e8a849171ced481417b29b265c32b7fe005d480b203207922ccfa6564800f9f2a203a9bbec7246b6526a25094306f9
- SSDEEP
  
  1536:6YHhhDWkSkWIGq4wjiKutgdLeAyNlOniksz4K:6KWAj/hjiKutceAliXcK
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Troldesh family

Troldesh, Shade, Encoder.858

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

UPX packed file

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8