17c04938514a214b430c80af979712657c4d969ad6f66fff5cc947974b53771a | Triage

Sharing

General

Target

40e835b24ab76ba427f51d8d2f4c6430_icedid_lightbolt_JC.exe
Size

9.4MB
Sample

230802-w3z73aab2z
MD5

40e835b24ab76ba427f51d8d2f4c6430
SHA1

b353027c5314e06c44a5d1cec01879768f65d292
SHA256

17c04938514a214b430c80af979712657c4d969ad6f66fff5cc947974b53771a
SHA512

a08b23502c6decce4e2489b34824f24b1d1c1d88fd1cd75c46852a9141f0f12e7b08de839356182b4fdf4cf1ab2e4a65fef4e6206e7de716d4d6e11181c46e3c
SSDEEP

98304:Xe5x6c1noLoHCZe5x6c1noLoHC0UUIGYlFlehRC4tNuTBp8BzB+uoBovklJ2t0L8:wjWEjWWs3TehREvuI+kL2t0La3ZJ

Score

8^/10

persistence ransomware

Malware Config

Targets

- Target
  
  40e835b24ab76ba427f51d8d2f4c6430_icedid_lightbolt_JC.exe
- Size
  
  9.4MB
- MD5
  
  40e835b24ab76ba427f51d8d2f4c6430
- SHA1
  
  b353027c5314e06c44a5d1cec01879768f65d292
- SHA256
  
  17c04938514a214b430c80af979712657c4d969ad6f66fff5cc947974b53771a
- SHA512
  
  a08b23502c6decce4e2489b34824f24b1d1c1d88fd1cd75c46852a9141f0f12e7b08de839356182b4fdf4cf1ab2e4a65fef4e6206e7de716d4d6e11181c46e3c
- SSDEEP
  
  98304:Xe5x6c1noLoHCZe5x6c1noLoHC0UUIGYlFlehRC4tNuTBp8BzB+uoBovklJ2t0L8:wjWEjWWs3TehREvuI+kL2t0La3ZJ
Score

8^/10

persistence ransomware
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

behavioral2

persistenceransomware