industroyer | 6c3857d81afc904b0ea355e96f6431c2b880e39af19a974389b26c7c4360d125

Sharing

Copy URL

Twitter E-mail

General

Target

IDA Pro 7.6 SP1 (x86, x64, ARM, ARM64, MIPS).7z
Size

312.3MB
Sample

220928-rbckgahbfk
MD5

78f26c725b193803b2e534df499d58c8
SHA1

d31bc3403776c962833c5f38d6c1dd4591677425
SHA256

6c3857d81afc904b0ea355e96f6431c2b880e39af19a974389b26c7c4360d125
SHA512

c5b9c4b13522f713a705454239e2973074aacdbb5705ec982a0f2d6507a5384c0386b2a7006b3773fc1ac696a19ecf3369168890a4713d639a1f1e9bf1072582
SSDEEP

6291456:uP+FlLNSHuqLca2/wsh01h55BU22lGkmYlZm8hjTBdmCbrbhl86:uGF7SHXca2l+j3y2gGpYlZ3tl/br

Score

10^/10

Malware Config

Targets

- Target
  
  IDA Pro 7.6/dbgsrv/win32_remote.exe
- Size
  
  709KB
- MD5
  
  b0a18e882b7d0ec72f12314488887ff5
- SHA1
  
  37bd1f64af561e00c38a858b7d0a0ae3d5b041ec
- SHA256
  
  13cac0f96fd43233747a594b536c8e50b6c0e87281f045a714005c4bf47e2166
- SHA512
  
  322edfe99119c0107610d27eafe4e30581a4b65f84b8b7f7cec2df084f4f23f4d5fb9a96c53c09bcf88bb1d724bb2007060bf7b11517cf1dacb970ab71e3b5c3
- SSDEEP
  
  12288:n02WNMu6V+Epzs0kJmULIOiRDBrpNDnIa9T5elekPOOJRI1+Gs3+bQYFzLiTgoCa:nvz1jnIgTKe4JRos3uFzLiToTTa
Score

1^/10
behavioral1
- Target
  
  IDA Pro 7.6/dbgsrv/win64_remote64.exe
- Size
  
  866KB
- MD5
  
  fd0005027332a0e38d5f345c5fc29364
- SHA1
  
  5b71771276fd9c6d1d2c62c967aec829263ece66
- SHA256
  
  6a46b41076bc9ef0dda114d3c7b9fb5d8253ed89e39558868d972508b6f6bb10
- SHA512
  
  84f0fd9192a35e1da051fd2924590133becc98ddc96d103cdd8df762efcb552aa5060c6de8e887c2a025ab4010686a39b023183f26567d6beb39b61938be5614
- SSDEEP
  
  12288:yZ1yd68e1wwJcFk+bR2fElMsIWQBBzDdmj8My39r5TKJXt:y/y4dWwJyTYfEKs5ANmjG39r5TKl
Score

1^/10
behavioral2
- Target
  
  IDA Pro 7.6/ida.exe
- Size
  
  4.1MB
- MD5
  
  e446732704fdd1ce44caa999b1e906aa
- SHA1
  
  7ec5561e177d3452070600ed03e56a56b95399e4
- SHA256
  
  2d39d28be09b216ca592ecf32309c48c381d4bc7dbb8463d43a5c9fbb2a8bac3
- SHA512
  
  c782882fb7e8aae347f17cf7cd3234b7d3fd75fea80be679d01583eba87367f9f0712193b2419597b1f9736fb050036e4ae7830c46c74d1c8b39b35a62fd24c1
- SSDEEP
  
  49152:SGEXELdltkmjftCI34bb7/y0QUjyEAnqxikG4sUluvQv6gprRuKpovpSroZ1wlp1:5DEKqxCGpVCmZ+mD
Score

1^/10
behavioral3
- Target
  
  IDA Pro 7.6/ida64.exe
- Size
  
  4.1MB
- MD5
  
  66eabd95013d3102f79953db2cd39c59
- SHA1
  
  2e56467fc0bf87cf358feee13991e068c06aecf5
- SHA256
  
  05379216c29ad2b43e6a0287c8d45d448abba50ebc1847400004d71515f01be5
- SHA512
  
  b2adf6a7887538fe02532467951897fa3a4b4750c574aca169203518de895173b44475c88c7464968c29240bfbda2043bde9a8c553c2eefd92aa6e5aec20f5c9
- SSDEEP
  
  49152:baK0aVnZcqdnxKsxA8V7FjfZXEDsf449f1zvLMi/gxT9lcoaM0ImZ9eo/H/LAi61:9cqGszpYs9NCwZeKm
Score

1^/10
behavioral4
- Target
  
  IDA Pro 7.6/idapyswitch.exe
- Size
  
  74KB
- MD5
  
  7e670d8112237926e9fe2d0f19c3b1f4
- SHA1
  
  3fd237147a850659f627171d2a261b4b3f621420
- SHA256
  
  23ae9b5c8215b1ae412a49e97cee08d22e91d89f1e2b7159067f5bb7c5bc7718
- SHA512
  
  f9e9c7228cc7e0827ba57fb94b11f961c0f2766e8ce87cbd1cea8fe99e2a5e645cb99a508516dac6fd6ec57296db60670c1987d0de52b7b18575bb6287b25f10
- SSDEEP
  
  1536:+NPmwpnLszZRIzrtXPADdEytn9cYiSoDoax/sW+f53icGrgkxsdxhFN:M/LszZovAnKEaxh+f53iTrgCsX
Score

1^/10
behavioral5
- Target
  
  IDA Pro 7.6/idat.exe
- Size
  
  1.6MB
- MD5
  
  25a7418e4c8f36d2ddbe660523f60dae
- SHA1
  
  6a6c446d92364886cdd75cff0397ba0e78f672b5
- SHA256
  
  62909823f1a52bd8d7dff649b1ad51846fa24ce3ac3ca79809d20bfa3a9fb92c
- SHA512
  
  2cd8f49865188aca6eebf3e58c43a6f772279d30ec4e4fb21525ea27199cf2a9a5081ba33807c6138809126a085c0ce19055b7c48c4a617cf0a28ed1b82219f2
- SSDEEP
  
  49152:/Ha4lNgRK7jwMeBDLQ/Ymfyxkvr0TcKnoi2omYF:/ERKvsDvD
Score

1^/10
behavioral6
- Target
  
  IDA Pro 7.6/idat64.exe
- Size
  
  1.6MB
- MD5
  
  65b72e1affa8e6335a79c86a33bacd53
- SHA1
  
  dfa8c0cd5b08b6180c985a2cc093474a86874c45
- SHA256
  
  afb87beb6086f2416bccb9688e5f1c0b9021f3ee9156c80f4f7d86f237834130
- SHA512
  
  368251ad9990479e37bf15c1c0c083612cc10ad11bc1ec170852f2f62db5317e64e3c4d0323a794fe4978506801fdf71f2a103c3c7018cf33fe185e6de6c8be6
- SSDEEP
  
  49152:nJ2g7JMheBvXXAsoY3qDLkrTXmQ3t9of6Mh:n6ELoY3d
Score

1^/10
behavioral7
- Target
  
  IDA Pro 7.6/qwingraph.exe
- Size
  
  468KB
- MD5
  
  bfc0e7a524fe6a1724a802613cca9dc5
- SHA1
  
  3f88ac12d643205c54d0a6a92e94d0d56c51f904
- SHA256
  
  30a3bdd95b55a493abe9f0ff8c0b41f64e04cd258f843941bf5902681c3ec933
- SHA512
  
  99da2e6b3242a0663a059b4d584d50ba86e55b3410975ef10c10e31cde25591f59a30d76e81b3ef7af1779fd3cef5bdfd32954f9431da3aebe593c345edb4eea
- SSDEEP
  
  6144:tU32mf5bt2aDPg1hMxvrsFho+vrehv8o0jNcHvvfSxIkJXhxFpMULYgn:tUmmfBtdDPACxvrM+81iHvvfSxxZyUL
Score

1^/10
behavioral8
- Target
  
  IDA Pro 7.6/uninstall.exe
- Size
  
  5.8MB
- MD5
  
  1b4652e39c464798c59142e103999aee
- SHA1
  
  8b44ed4666f0b3f041f03d85c6c17526d9b468c4
- SHA256
  
  6f50011238b298c183de6aa86a66af93e44a228bbefc0df76d13daaa7073b1d2
- SHA512
  
  cb99324a249c098e20741cdcdcfa340842c0e6e7d32e9b29ddd64f9445c5dd27c83e04ba9fa4382e2b52ae7e073adb21426a684806ca92f3856b5a6325af8be5
- SSDEEP
  
  98304:zu+/ipBOyRpvOPssgnIAbMJQeG2VKsmE6gpRdvbPtD5Iq4YuOSkQH90SMVHQkaOl:C+K6EBuHAilT3hhD5T4Y/QH90SMJFFbz
Score

8^/10

evasion trojan
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9