c2d73046bfb08e0255a36c63fb37f0595116d5cefae4c3be4a2d9c4f757ad61d | Triage

Sharing

General

Target

2023-08-26_904e8d608f66c89196a95a54ae125918_icedid_lightbolt_JC.exe
Size

13.1MB
Sample

231011-m6al5sac6s
MD5

904e8d608f66c89196a95a54ae125918
SHA1

d168ef485fd5f645a80d7657a0c87327ccf3e253
SHA256

c2d73046bfb08e0255a36c63fb37f0595116d5cefae4c3be4a2d9c4f757ad61d
SHA512

467b04d4d018345cba45ff3ffa786ba61c8d0768112d12aba235e838a6ab37d2f5b6f64d407047eb4f3b73885870ed07d9e0b1efe368e74902d54ba7f0e080f6
SSDEEP

98304:He5x6c1UklJF1oM2E5T3Xe5x6c1UklJF1oM2E5T3IowUUIGYlFlehRC4tNuTBp8b:gokL/dTgokL/dTYVs3TehREvE6w

Score

8^/10

persistence ransomware

Malware Config

Targets

- Target
  
  2023-08-26_904e8d608f66c89196a95a54ae125918_icedid_lightbolt_JC.exe
- Size
  
  13.1MB
- MD5
  
  904e8d608f66c89196a95a54ae125918
- SHA1
  
  d168ef485fd5f645a80d7657a0c87327ccf3e253
- SHA256
  
  c2d73046bfb08e0255a36c63fb37f0595116d5cefae4c3be4a2d9c4f757ad61d
- SHA512
  
  467b04d4d018345cba45ff3ffa786ba61c8d0768112d12aba235e838a6ab37d2f5b6f64d407047eb4f3b73885870ed07d9e0b1efe368e74902d54ba7f0e080f6
- SSDEEP
  
  98304:He5x6c1UklJF1oM2E5T3Xe5x6c1UklJF1oM2E5T3IowUUIGYlFlehRC4tNuTBp8b:gokL/dTgokL/dTYVs3TehREvE6w
Score

8^/10

persistence ransomware
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

behavioral2

persistenceransomware