1a71e8811d5d5b4dfc137e1c9a5bf6c4acac1fff675746be8d45e819a4491d0e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9c9f56f51cd849caa142f0c014bd4080_icedid_lightbolt_JC.exe
Size

18.5MB
Sample

230808-vxgcbsed47
MD5

9c9f56f51cd849caa142f0c014bd4080
SHA1

d24a31dbbe08dca5e9353592d1ecaae35b668435
SHA256

1a71e8811d5d5b4dfc137e1c9a5bf6c4acac1fff675746be8d45e819a4491d0e
SHA512

733e9e935f91b7ebbe509681909c0ba6fe2e9d2af731626512a6e248fcb496cd9b6a649c248026d74fd5d8e766e699aec61748e2a6ee908007a87cfbfd091330
SSDEEP

196608:wjWEjWWs3TehREvuI+kL2t0La3ZKat01NHqDXJqNjEe4pc3+rk5q55:ycT7vMkL27re1NHqbJYPDq55

Score

8^/10

persistence ransomware

Malware Config

Targets

- Target
  
  9c9f56f51cd849caa142f0c014bd4080_icedid_lightbolt_JC.exe
- Size
  
  18.5MB
- MD5
  
  9c9f56f51cd849caa142f0c014bd4080
- SHA1
  
  d24a31dbbe08dca5e9353592d1ecaae35b668435
- SHA256
  
  1a71e8811d5d5b4dfc137e1c9a5bf6c4acac1fff675746be8d45e819a4491d0e
- SHA512
  
  733e9e935f91b7ebbe509681909c0ba6fe2e9d2af731626512a6e248fcb496cd9b6a649c248026d74fd5d8e766e699aec61748e2a6ee908007a87cfbfd091330
- SSDEEP
  
  196608:wjWEjWWs3TehREvuI+kL2t0La3ZKat01NHqDXJqNjEe4pc3+rk5q55:ycT7vMkL27re1NHqbJYPDq55
Score

8^/10

persistence ransomware
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

behavioral2

persistenceransomware