99d1d711f37401f45408c37adf208553b964a84940fc1e9f50bdd3598301ef78 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
Size

13.8MB
Sample

230903-vc161aba8x
MD5

19d62ae9967554e1705aaefcb50b5b63
SHA1

bd7efed4e49da162684be0e29e781d8268420c9a
SHA256

99d1d711f37401f45408c37adf208553b964a84940fc1e9f50bdd3598301ef78
SHA512

1ec97d9232ae274783b3a55bd921b5a7127cc4a4ec04da1a49d4c6b8156f15a800b32ff8bbcfdd4b3a98cd4e0a7073d0b9ab76140695076ca68a65b6aa05d714
SSDEEP

196608:wjWEjWWs3TehREvuI+kL2t0La3ZzpRvcV93dPT3E:ycT7vMkL27CV93x3E

Score

8^/10

persistence ransomware

Malware Config

Targets

- Target
  
  2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
- Size
  
  13.8MB
- MD5
  
  19d62ae9967554e1705aaefcb50b5b63
- SHA1
  
  bd7efed4e49da162684be0e29e781d8268420c9a
- SHA256
  
  99d1d711f37401f45408c37adf208553b964a84940fc1e9f50bdd3598301ef78
- SHA512
  
  1ec97d9232ae274783b3a55bd921b5a7127cc4a4ec04da1a49d4c6b8156f15a800b32ff8bbcfdd4b3a98cd4e0a7073d0b9ab76140695076ca68a65b6aa05d714
- SSDEEP
  
  196608:wjWEjWWs3TehREvuI+kL2t0La3ZzpRvcV93dPT3E:ycT7vMkL27CV93x3E
Score

8^/10

persistence ransomware
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

behavioral2

persistenceransomware