2019-10-15 - MALSPAM PUSHING SHADE (TROLDESH) RANSOMWARE
ASSOCIATED FILES:
- 2019-10-15-Shade-ransomware-IOCs.txt.zip 1.9 kB (1,922 bytes)
- 2019-10-15-Shade-ransomware-malspam-3-examples.zip 139 kB (138,994 bytes)
- 2019-10-15-Shade-ransomware-infection-traffic.pcap.zip 4.9 MB (4,871,219 bytes)
- 2019-10-15-Shade-ransomware-malware-and-artifacts.zip 1.4 MB (1,376,955 bytes)
NOTES:
- Zip archives are password-protected with the standard password. If you don't know it, see the "about" page of this website.
IMAGES (screenshots not reproduced here; captions only):
- Image 1: Example of malspam pushing Shade (Troldesh) ransomware and the attached PDF file with a link to a zip archive.
- Image 2: Contents of the downloaded zip archive.
- Image 3: Infection traffic when running the extracted JS file.
- Image 4: Desktop of an infected Windows host.
- Image 5: More info from the infected Windows host.
- Image 6: URL for the decryption instructions in a Tor browser.
- Image 7: Shade ransomware made persistent on the infected Windows host.
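The delivery chain shown in the images is PDF attachment -> link -> zip archive -> JS file. The script below is an added example of static triage for that chain; it is not code from this page or from the campaign. It pulls the link target out of a lure PDF's /URI annotation without rendering it, lists the zip members with SHA256 hashes, and flags extensions Windows would run on double-click, without executing anything. All inputs are constructed in the block: the PDF, the hostname example.invalid, and an inert placeholder in place of the real JScript downloader are assumptions, not indicators from this campaign. Point the two functions at the extracted malspam and artifact files to triage the real samples.

```python
"""Static triage of a malspam delivery chain: lure PDF -> link -> zip -> JS.

Added example, not code from the original page. It runs on constructed
sample data built below (a minimal link-only PDF and a small zip) and never
executes anything it finds.
"""
import hashlib
import io
import re
import zipfile

# File types Windows runs directly on double-click (Windows Script Host,
# shell, or loader). A zip whose only payload is one of these is the
# classic shape of a script-based downloader stage.
SCRIPT_EXTENSIONS = {
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta",
    ".cmd", ".bat", ".ps1", ".exe", ".scr", ".lnk",
}

# Matches the literal-string form of a link annotation action: /URI (...)
# Handles backslash escapes inside the string. It does not look inside
# compressed object streams; those need a real PDF parser.
URI_PATTERN = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")


def extract_pdf_uris(pdf_bytes):
    """Return every /URI literal string found in the raw PDF bytes."""
    uris = []
    for match in URI_PATTERN.finditer(pdf_bytes):
        raw = match.group(1)
        # Undo the PDF literal-string escapes that can appear in a URL.
        text = (raw.replace(b"\\(", b"(")
                   .replace(b"\\)", b")")
                   .replace(b"\\\\", b"\\"))
        uris.append(text.decode("latin-1"))
    return uris


def triage_zip(zip_bytes):
    """List zip members with SHA256 and flag directly-runnable script types.

    Members are read into memory only to hash them; nothing touches disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            name = info.filename
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            findings.append({
                "name": name,
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
                "suspicious": ext in SCRIPT_EXTENSIONS,
            })
    return findings


# ---- constructed sample inputs (not from the real campaign) ----------------
# Minimal uncompressed PDF with one link annotation. The hostname
# example.invalid is a placeholder, not an indicator from this campaign.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link
   /A << /S /URI /URI (http://example.invalid/download/details.zip) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Inert stand-in for the JScript downloader; the real sample lives in the
# password-protected artifacts archive and is not reproduced here.
SAMPLE_JS = b"// constructed placeholder for a JScript downloader stage\n"


def build_sample_zip():
    """Build the kind of archive the PDF link leads to: one script plus filler."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("details.js", SAMPLE_JS)
        zf.writestr("readme.txt", b"constructed filler file\n")
    return buf.getvalue()


def triage_chain(pdf_bytes, zip_bytes):
    """Run both stages and summarise the chain in one dict."""
    findings = triage_zip(zip_bytes)
    return {
        "uris": extract_pdf_uris(pdf_bytes),
        "members": findings,
        "script_members": [f["name"] for f in findings if f["suspicious"]],
    }


if __name__ == "__main__":
    report = triage_chain(SAMPLE_PDF, build_sample_zip())
    for uri in report["uris"]:
        print("PDF link target:", uri)
    for f in report["members"]:
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['size']:>6}  {f['sha256']}  {f['name']}")
```

The regex-based URI extraction is deliberately shallow: it catches the simple uncompressed link-only lure PDFs common in this kind of malspam, and silently misses links stored inside compressed object streams, so an empty result from a PDF that visibly contains a link is a cue to fall back to a full PDF parser rather than a sign the document is clean.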