MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 701d3db21920f78b8ed2eb6b4286f858277928f50d567c9c6594bd1971e9c07e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Vendor detections: 4

Intelligence 4 IOCs YARA 3 File information Comments

SHA256 hash: 701d3db21920f78b8ed2eb6b4286f858277928f50d567c9c6594bd1971e9c07e
SHA3-384 hash: 23a0545972014ad903bf973107acf917734bb998495d183962cad93237fec441475d0f3412bdefcf7ed7ea72dac08526
SHA1 hash: b303f1c9c4564551853cd08a770836aae5725cf2
MD5 hash: 6bb55449f9ad55bb73f25877a1041e1f
humanhash: oregon-red-east-kitten
File name:701d3db21920f78b8ed2eb6b4286f858277928f50d567c9c6594bd1971e9c07e
Download: download sample
Signature Troldesh
File size:1'253'640 bytes
First seen:2020-03-23 18:53:06 UTC
Last seen:2020-03-24 07:34:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a61f41c9eaa90bb5e3d5a206b2275e3c (1 x Troldesh)
ssdeep 24576:nCM1zIIQedHu6nxFMHjM8lJ5bnAd+V/PTfnT:P1zVB1yI8lJ5bZxTnT
Threatray 15 similar samples on MalwareBazaar
TLSH 8B4523CC7B56FE2BF06D07F448A19A8E8929AD5A9C07765EF152740C67B33C3B02D621
Reporter @Marco_Ramilli
Tags:exe Troldesh

Code Signing Certificate

Valid from:Feb 22 13:04:56 2019 GMT
Valid to:Dec 31 23:59:59 2039 GMT
Serial number: -5ABECD6FA09F6F63BCF2F00B40A25616
Thumbprint Algorithm:SHA256
Thumbprint: 6D4350C60490C9851B270A1FEC1F3CED61AD83EB1AEDE51AA0FB3785552096CD
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


File Origin
# of uploads :
# of downloads :
Origin country :
Mail intelligence
No data
Vendor Threat Intelligence

YARA Signatures

MalareBazaar uses YARA rules from several public and non-public repositories, such as Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious proccess dumps they may create. Please note that only results from TLP:WHITE rules are being displayeyd.

Rule name:suspicious_packer_section
Description:The packer/protector section names/keywords
Rule name:win_troldesh_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:win_troldesh_g0
Author:Daniel Plohmann <daniel.plohmann<at>>
Description:Unpacked Shade binary, non-statically-linked part and specific strings (vs. CMSBrute)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download


Executable exe 701d3db21920f78b8ed2eb6b4286f858277928f50d567c9c6594bd1971e9c07e

(this sample)

Delivery method
Distributed via web download