367014af705e434195983d5afda943f89237030559430b40c868b09835cf3497 | Triage

Resubmissions

25-06-2024 09:32

240625-lhmq5avdkn 8

25-04-2024 08:56

240425-kwgllahc6w 8

Sharing

General

Target

2024-04-25_d9d449c9c6d368b233f49ed97e9c3c8c_icedid
Size

3.9MB
Sample

240625-lhmq5avdkn
MD5

d9d449c9c6d368b233f49ed97e9c3c8c
SHA1

fb09d733d91cc965e7703524bcd716d94f731165
SHA256

367014af705e434195983d5afda943f89237030559430b40c868b09835cf3497
SHA512

88cf5bbabdc2191170c0a6dbb5466a63a8678ae8ec3f81f0f5191924ddd9f23089c6019bc86a74140033a29e2579fcb4fbc523cf02d39d24947355158eae5fff
SSDEEP

49152:QoRg5x6c1PoU/1oGbnQ/7WUT9B5k1YCdptya507NUUWn043oHS3fTZYwVq1/xT3u:He5x6c1PouojNhS9Yw8y

Score

8^/10

persistence ransomware

Malware Config

Targets

- Target
  
  2024-04-25_d9d449c9c6d368b233f49ed97e9c3c8c_icedid
- Size
  
  3.9MB
- MD5
  
  d9d449c9c6d368b233f49ed97e9c3c8c
- SHA1
  
  fb09d733d91cc965e7703524bcd716d94f731165
- SHA256
  
  367014af705e434195983d5afda943f89237030559430b40c868b09835cf3497
- SHA512
  
  88cf5bbabdc2191170c0a6dbb5466a63a8678ae8ec3f81f0f5191924ddd9f23089c6019bc86a74140033a29e2579fcb4fbc523cf02d39d24947355158eae5fff
- SSDEEP
  
  49152:QoRg5x6c1PoU/1oGbnQ/7WUT9B5k1YCdptya507NUUWn043oHS3fTZYwVq1/xT3u:He5x6c1PouojNhS9Yw8y
Score

8^/10

persistence ransomware
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

persistenceransomware