industroyer | bdadd66875a85acc6a34e6804a2bfa4bbcc507b67d7d903bb3f93c77c534f76e | Triage

Resubmissions

23-01-2024 13:08

240123-qdgfrsbda9 10

23-01-2024 12:28

240123-pnlmssagf6 10

Sharing

General

Target

ida.zip
Size

328.6MB
Sample

240123-pnlmssagf6
MD5

7549697ce2c4b83f9e4b2782dc0931e1
SHA1

cf789f1f37a6354b9292b9e1a10ea62d11541d71
SHA256

bdadd66875a85acc6a34e6804a2bfa4bbcc507b67d7d903bb3f93c77c534f76e
SHA512

fc49b793c8af98fd4db71d25f93ddeb936e2e5fc9b9300c2550f467613106909bc731c2e219c6c4dbacc4bd674983c1c3a80e25e5ba9a95cdf3420eed9b1b8e5
SSDEEP

6291456:QutJEMdzZaqjKc+v4BsxCECS0/LNfZkakTXYstf3sviwmpijdxW72zS+Gc:QuzEMddCQBsxCx/z1GacXZt4iFMx7zSi

Score

10^/10

industroyer discovery upx

Malware Config

Targets

- Target
  
  ida.exe
- Size
  
  3.9MB
- MD5
  
  c9aff2f72199247db8820468312f8c7d
- SHA1
  
  f180195eb630bf39b3e95ca2967bf593c3cd0e16
- SHA256
  
  2e6d13859334f5abe205ad9d1b44e82496b0484bb29f8086e4978a8331cc3d0b
- SHA512
  
  b9afd1dc763cde196bbded0f127fdd46e4cab8ce42647757b91805a47ecdd3248473b886e1176ee4565c8cef3324bfb218d69ead6aae5ee3649176d1c5176a39
- SSDEEP
  
  49152:e+OH4UTrneOsYX71J5sktFlag4Gfdv9wjMZ7sgL2B3cCqbopA9mprW99vAz+DawF:e+GrePGGNg4xMag/6C94+bLwmD
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  ida64.exe
- Size
  
  3.9MB
- MD5
  
  02ca44c85a0f4f2156f6764604f888ac
- SHA1
  
  e01d60ddc0dc27b33ea34ea42785a384f9876d3f
- SHA256
  
  8145b46c7d2775283b9966ac84ca3ff602d5e66250da9f2dfbb1abd13e12c01c
- SHA512
  
  1c94eadb48930b25982481e75e0b82fb1b644882ad2e85b45ca965fe79f8d3723f0fbcf065720b54c984bf9e3649fb8e590e89ed15ca77933bab619de9e044b9
- SSDEEP
  
  49152:4md9u5IP23N3tXoSx73CQ3mgvlCLopyE7Ct8MZh5hwqrFyryjjA62CEf7EoWAnxH:4mbMXvX0Lvt8mYdCNyGm
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  idat64.exe
- Size
  
  1.5MB
- MD5
  
  e92e35566df9b5c80b5ff9c7b0e1274a
- SHA1
  
  5d549aaff87f831779d4cc0bc748f6f83f57f9b7
- SHA256
  
  510296a687a5a3eed6751dfe0e300eacd5c67cc3160215600ba9d580a452653d
- SHA512
  
  834ee9f575cab398aff44e3d0771ab917f1612600dcfd5b05679b658c8be3d42144e2fa250b2870fd89b186362d500613f6b0141562e3f1074be034751704e9d
- SSDEEP
  
  49152:kckiSs3GW8hd+YW6yIeamGOVyDKloWY9:fSRBNyIdt
Score

1^/10
behavioral5 behavioral6
- Target
  
  qwingraph.exe
- Size
  
  468KB
- MD5
  
  fa541d3c79c55e3e2f9e5a38bcfc3105
- SHA1
  
  83917485e5837d94eedd760da4a87e95ffe3a43f
- SHA256
  
  ccfbfc8453307481acc83137d67ddf0cfb0e1aced098ddb71adbee719898a78e
- SHA512
  
  77b002d3c3c1a5afae1254f765357cfb6a3b7bf747c87ce05a3c4e074d6b18d33b8e45024f48565578b3e5097981f0e81ec4acbf40272d8b2e343006e4e913e8
- SSDEEP
  
  6144:dl32mf5bt2aDPg1hMxvrsFho+vrehq8o0jNcHevfSxZ8jvCsihyF+MALYgn:dlmmfBtdDPACxvrM781iHevfSxr07AL
Score

1^/10
behavioral7 behavioral8
- Target
  
  unins000.exe
- Size
  
  705KB
- MD5
  
  2316bcc1094ec10c20760abcc3caa8d5
- SHA1
  
  c7f30c9fb2ccfb33dd963d14e4084d18f8a879b7
- SHA256
  
  56724658c2f142d3d3aa06e100b2a2c5ffd94b3472c02022bff9ebbaa30fdf4e
- SHA512
  
  d9310086ee13f322da752c8bd925812ab1ce99c94ff363e4870917aac4c663097226ca8b736ec03d97b6749fdf0c425776bfb0dfc3407c860eed00ba3d448f5d
- SSDEEP
  
  12288:jQhCh1/aLmSKrPD37zzH2A6QGgx/bsQeq9KgERkVfzrrNV4blc4/Nat/yxyRS:jQYh1yLmSKrPD37zzH2A6QD/InqggE20
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral10 behavioral9
- Target
  
  vcredist_x64.exe
- Size
  
  14.5MB
- MD5
  
  a57667e57017d7714af565f8a605520b
- SHA1
  
  48e3744f33f49113be971e334754f1e475c5afaa
- SHA256
  
  42a559f2be251b5f3c685597b99e4dee763b16a01f70bd7b1e92f6eb91cbb80c
- SHA512
  
  987305caf39341f8fbcb5c3489bde73d8d0c88aa517995029f6a86d62b513c5aef8b175acee35f540717adc5e02b8098a30b88dcfce448b6cb2a77b1527689aa
- SSDEEP
  
  393216:AlptVYmfr7yBG/4ZHYkfjTpPUWpYKg4HTNZl/V:cpttD7yBG/MppPUgYKg4zN//V
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12