troldesh | 1dcf33ce009b879ce5d5197904151dc32112476f84e50f808bf55e8c9ea2130d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

TROLDESH.exe

windows7-x64

Sharing

General

Target

TROLDESH.exe
Size

1004KB
Sample

250227-3ygy9atwf1
MD5

5294b2851a648c51de94fa83b68bb0df
SHA1

09e38aad31ae8d15a59bceb3e07e7f8a4b58189c
SHA256

1dcf33ce009b879ce5d5197904151dc32112476f84e50f808bf55e8c9ea2130d
SHA512

87c4b6b73248e167bf55b8f5b892ab15f1c5546709d0e120f1f96efda6b9ffd058e1b0b685c1596022632f603c07505a6a0af5757c679e256b4564201e91d7b7
SSDEEP

12288:09MHwMVR8EyH4Aj6fRljL2NkKwb50UmqtLQgvgFgR8S83sX+2vuiq8mKU/5k7s:0qwwWHh6ZljGG5Zn9GsX/uib6S7s

Score

10^/10

troldesh discovery persistence ransomware trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

TROLDESH.exe

Resource

win7-20241010-en

troldesh discovery persistence ransomware trojan upx

windows7-x64

9 signatures

60 seconds

Malware Config

Targets

- Target
  
  TROLDESH.exe
- Size
  
  1004KB
- MD5
  
  5294b2851a648c51de94fa83b68bb0df
- SHA1
  
  09e38aad31ae8d15a59bceb3e07e7f8a4b58189c
- SHA256
  
  1dcf33ce009b879ce5d5197904151dc32112476f84e50f808bf55e8c9ea2130d
- SHA512
  
  87c4b6b73248e167bf55b8f5b892ab15f1c5546709d0e120f1f96efda6b9ffd058e1b0b685c1596022632f603c07505a6a0af5757c679e256b4564201e91d7b7
- SSDEEP
  
  12288:09MHwMVR8EyH4Aj6fRljL2NkKwb50UmqtLQgvgFgR8S83sX+2vuiq8mKU/5k7s:0qwwWHh6ZljGG5Zn9GsX/uib6S7s
Score

10^/10

troldesh discovery persistence ransomware trojan upx
- Troldesh family
  troldesh
- Troldesh, Shade, Encoder.858
  Troldesh is a ransomware spread by malspam.
  ransomware trojan troldesh
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

troldeshdiscoverypersistenceransomwaretrojanupx

© 2018-2025

Terms | Privacy