a713066ef681b1a8c64ba9fe6fa875b0460d9d9fc8da5d311ebf0722596b17ef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2023-09-06_63f65c330a59bc5443728ce53d1460e4_icedid_JC.exe
Size

4.1MB
Sample

231023-tg6fvahh4s
MD5

63f65c330a59bc5443728ce53d1460e4
SHA1

f235912045da2bed259f9be3dd78b9f6ec20e496
SHA256

a713066ef681b1a8c64ba9fe6fa875b0460d9d9fc8da5d311ebf0722596b17ef
SHA512

a0f9784670391870194f042536f92fa7d1fe2cb6657946c86b91d06f04c622e8ecfd881b1b665b41b934e0a9214362f1374fb090031758776ec179bd5d26c7f3
SSDEEP

49152:QoRg5x6c1AKfuPS3ELNjV7FZxEfOfOgwf0h8fRqnqYQVMkL+q2PCPXNYw:He5x6c1Xm9pZxwgoklJa

Score

8^/10

persistence ransomware

Malware Config

Targets

- Target
  
  NEAS.2023-09-06_63f65c330a59bc5443728ce53d1460e4_icedid_JC.exe
- Size
  
  4.1MB
- MD5
  
  63f65c330a59bc5443728ce53d1460e4
- SHA1
  
  f235912045da2bed259f9be3dd78b9f6ec20e496
- SHA256
  
  a713066ef681b1a8c64ba9fe6fa875b0460d9d9fc8da5d311ebf0722596b17ef
- SHA512
  
  a0f9784670391870194f042536f92fa7d1fe2cb6657946c86b91d06f04c622e8ecfd881b1b665b41b934e0a9214362f1374fb090031758776ec179bd5d26c7f3
- SSDEEP
  
  49152:QoRg5x6c1AKfuPS3ELNjV7FZxEfOfOgwf0h8fRqnqYQVMkL+q2PCPXNYw:He5x6c1Xm9pZxwgoklJa
Score

8^/10

persistence ransomware
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

behavioral2

persistenceransomware