industroyer | 213345f0ceca25e87a4b6747686e32261d12a7ebe1daaebcd13887c70ca3c021

Sharing

Copy URL

Twitter E-mail

General

Target

IDA-Pro-main.zip
Size

45.3MB
Sample

240725-a5w3jaxekk
MD5

85b7c23f62657341a344b3bee9aa44f9
SHA1

bce089cdad7d5cde0f4f9dcbc7c238e73f93af21
SHA256

213345f0ceca25e87a4b6747686e32261d12a7ebe1daaebcd13887c70ca3c021
SHA512

f4a737aec9e271fd48887e8173c92dc81e19d3f3345ba50ebf67a6663d0c3a8b1c28b409fbb3f982edf28ca8de9796dd1f6be82ad477c927c768ab16679a1270
SSDEEP

786432:xZlsNwPCH0pTtzBkkjPFugRgXpjXN1BufwEKYLajarH4DvMEgAf0RmKXe8OwF6kG:nls70pTtNvdhgtBswEfau8vtgIYe899w

Score

10^/10

Malware Config

Targets

- Target
  
  IDA-Pro-main/Qt5Core.dll
- Size
  
  5.9MB
- MD5
  
  4e216123b5cedcdb0184139e92f525c5
- SHA1
  
  432ca0dd2a05d84659956ecce613f60f5bc256aa
- SHA256
  
  779a0a5e1e07f8a720da7b5631933b2c44d79a57e7d067f82d82dfe6514931d6
- SHA512
  
  f103f3976247f4a137a0a489cc9e0820d6f04aaf4e75c72ea45165a937bdb8ad29af8ca62685b665d125d2e9a57317310b30abc65a3d005fddfb3280567963b6
- SSDEEP
  
  98304:69ZLIyXfCpnSvbVJsv6tWKFdu9CyiX2kkmDeFP:gZLIyXfCdSBJsv6tWKFdu9CyZkkmDeF
Score

1^/10
behavioral1 behavioral2
- Target
  
  IDA-Pro-main/Qt5Gui.dll
- Size
  
  6.6MB
- MD5
  
  111c29b695a398fea4d4e42b8f24eccb
- SHA1
  
  6e09545e86bdbec0b6d1f94dcb56420225bc041c
- SHA256
  
  929f92685f7fb76e8b0e74e6e4706b6af803b0368fbc1dc4787d9d5e3b095a72
- SHA512
  
  843eb94799eb702d46ebc34a09b6c879797a45af844a86b1c8be28177050cb6d3b8dad57312ea8225c67605e1dc07b0a1ecea6735c8e7a8db8b4a514c9788f47
- SSDEEP
  
  49152:ehHNtGJYgksRjK/pwv90H8M7tlANRpmRWRBZS00xhHoeo1YD8chdR+u9Ui13rb/B:ehHj6Ii08S0UXo5uz5rHow09vnz/re
Score

1^/10
behavioral3 behavioral4
- Target
  
  IDA-Pro-main/Qt5PrintSupport.dll
- Size
  
  309KB
- MD5
  
  113d53b867e90b1ba1ddab4735acc97e
- SHA1
  
  a1b59b372126fb88af3f7a8dc615c64bdaacfaf0
- SHA256
  
  dff16fcb3bc837971a4b16c6e91200cc7516851fc91b50773f576445c79e82cf
- SHA512
  
  37064f729c4a092d9674e57153cd2adfee275dc8b61def22f79d211e1ce69d76259db12b8e6c636088c965f863565c85d15f182399e2db87bdd9b34c36e30dc3
- SSDEEP
  
  6144:/ZipZFdD77gzFt9ZKG4Mexb86Bk5U3F12oTwpd+/zueDhqvuRj3kVD9N:/ZUZFV77giG4Mexb86Bk5U3F12oTwpdP
Score

1^/10
behavioral5 behavioral6
- Target
  
  IDA-Pro-main/Qt5Widgets.dll
- Size
  
  5.3MB
- MD5
  
  9aeaa3559945fb7b707f77373921186a
- SHA1
  
  08690ad6b8d700bdda907d966b35b5d3d72cdcbc
- SHA256
  
  0005d60142f9de4e2821dd559c9dd610abf767aedaf43ddb5be04ca13c836c08
- SHA512
  
  0510eef77a5cdd14933ccc302df7a32ce9a4e2f8b83e26225f7d87efd4735b6a22814cfe508bd6eb7be5eb7c7bbcf08b28d9f92a2dabc8920b1b409f73b82b4d
- SSDEEP
  
  49152:15itppgXABXmu+evQZ6l1fLKfvuKaqHJCk02nsGUSQdmMPr0Pvhzes27ObWmkfiB:HK5jSWO62Sryles27ObWmkLnARd4Y
Score

1^/10
behavioral7 behavioral8
- Target
  
  IDA-Pro-main/clp64.dll
- Size
  
  1.0MB
- MD5
  
  9551263c9dd81e8a42487718dbe1a17a
- SHA1
  
  9b048160efc67e8b2ef713933212edaedcb158a5
- SHA256
  
  5870149d7b091376e6a89d691a9ef4b7b889e3c3bf2516f8c7b73f6cf762fbc0
- SHA512
  
  bae732d98371157f764316e66f333d4362b0161b4a38650cc9eb23e3d01655b892b5fc86d99b45afc649257694a2cae6be563ac40193f4b546c7f36a0d31be36
- SSDEEP
  
  24576:w7Vt9qfawrN27U1izzZaRbfp81L/Wm/nd6Wrr+U/FQT:sBqfSU14Zadq1L/cWrrTFQ
Score

1^/10
behavioral10 behavioral9
- Target
  
  IDA-Pro-main/dbgsrv/android_server
- Size
  
  784KB
- MD5
  
  bb8acafbbe9b130453ad08e8106d4b47
- SHA1
  
  eeb96eb3918fa48b8b10b3f2d51df420f5be43f9
- SHA256
  
  d81986d78463b3f6e45bd0c3c9c0933eb1a6331d600ba81469d9f69f400d13fc
- SHA512
  
  63704c3eca0869de295ca469028f318e8efd870eaaae97f254c8d2da4b558f2e3bd46279cc46fe7327bea02030a9460ef4474ab30148e912c4b8a03cb7bfc02c
- SSDEEP
  
  24576:5OJJlZt1cWqOJqj3Tdwn5WJXk0tW7Labp9YLDTH:Qlyt3TdwWbpGDT
Score

1^/10
behavioral11
- Target
  
  IDA-Pro-main/dbgsrv/android_server64
- Size
  
  1.2MB
- MD5
  
  ca08b13708c173f3a94d50a8231130b7
- SHA1
  
  4ec35bc22fc829c6a8f15e958084dc7b651088a1
- SHA256
  
  9500e24e73a98d44892c64efadd5904dccb0b98d2be5b61edcfcf4c9039f1645
- SHA512
  
  660ae998188af95f05b31f2f5b35a8fd92535abff9e01e3bc68f0fa8044832b8d2f6dc2686a0a6191b4d704dcb7e4ff0d6294524f72a68674d3eb52963ddeaae
- SSDEEP
  
  24576:jrl3Q27RKmQfTFHkAyB4luC/pJpLliEt:jh3Q2V0HCmN/pHZt
Score

1^/10
behavioral12 behavioral13 behavioral14 behavioral15
- Target
  
  IDA-Pro-main/dbgsrv/android_x64_server
- Size
  
  1.2MB
- MD5
  
  7c3a5bf7f83f3c7ce9406621f6a4c4b1
- SHA1
  
  17b7bfa6ff89f3cb2b1c3280b8c61b7a04eb4d95
- SHA256
  
  296d7d0e048e96cbf3d92a505ceecdc9a8f0fe180c498f87aca2ad93077e1060
- SHA512
  
  bfbfc8ac80afc5e3c2ae4c6c615c07b5fc3e96b162c3cb2117946e30eb864b3762957cab97c64a4c9d0fc6b43f883881c9a2f69e2d3034b55333a750b3ec6703
- SSDEEP
  
  24576:0tKalyd0tpBc+50jz6Glt+6ufh75qaD1p9+mrK:4lydqc+50jz6Gltpu57caD1p3K
Score

1^/10
behavioral16
- Target
  
  IDA-Pro-main/dbgsrv/android_x86_server
- Size
  
  1.1MB
- MD5
  
  5e733867809fd1d02516ff2bc0dcfae5
- SHA1
  
  213a5a172eebcbf7b6f8d9f4bd167085c46edd46
- SHA256
  
  6c2f009128ee496fe30862c61c2701fa752348cad18441438b4d3cf5a113d354
- SHA512
  
  2455d37007526002e162f6b683abb75ce2e5bfbe0409b1f348c8ec7c1fb840aee4f46321a1de5565549ef9d5f6016c7688f6c337994ca8ab87176348333d50fe
- SSDEEP
  
  24576:PP/lZGrk0ELStCY4LuXNHTZZE8WjRoRh9EvRUp9iLvThk4Otjtq/:/lirYoCY4Lqdtde6j9EZUpgvThBOhtq
Score

1^/10
behavioral17
- Target
  
  IDA-Pro-main/dbgsrv/armlinux_server
- Size
  
  637KB
- MD5
  
  f34a1f64926f11669e294912a0fee628
- SHA1
  
  756e7fc7f7a85f1f98677937e521938330a38715
- SHA256
  
  aec5be0805f408d2c3f6292f020aa4ff2d12972ba2409f3d482c691470862ed6
- SHA512
  
  b99d1cade2fba92d0721149c97d18f12fb9ac829882eba612ab68568b100043c3a4c40f57a08fb11270b6b7ad9b2775d95473edba52e20bdc32d90999db20563
- SSDEEP
  
  12288:Uf7GAlBgUOdv27TnQLzYAqUaPhFO2u4cDN088RngKxfvn4TL7TKa:Uf7HTp/nQLzYAYPtVvn4TL7TKa
Score

3^/10
behavioral18
- Target
  
  IDA-Pro-main/dbgsrv/linux_server
- Size
  
  765KB
- MD5
  
  e6773e9bc1de07237810d8bd4cf46720
- SHA1
  
  a5b1f305800fce5876f3a133ec67a904ae09ee19
- SHA256
  
  0731e92462c8a5f82bac9a4ffec094291b0268a6976dfade9d7d81785fcb288f
- SHA512
  
  91c44db648fdd0dde4155b1ddbda428dc74a9bc40b36f7bb7e7d1f7c6bc807568dddd67158bfdddba9db6da53ba56e5a4921726fd16cff7fbf55a5a23b216dac
- SSDEEP
  
  12288:X+BMz24/GQaq1dW5oemiO3oKuZcpHynFAfyS9TEzXpbSL7vqfrx:X+BMz1/5l1dWaiO3oKuapHUufyS9TkW
Score

1^/10
behavioral19
- Target
  
  IDA-Pro-main/dbgsrv/linux_server64
- Size
  
  722KB
- MD5
  
  e5162cfdae8e321efdeb94a2f3190a59
- SHA1
  
  dcd8950973ba67505f73d6ed43aaa5c3db660df8
- SHA256
  
  aa097ee90aa50c11df515c0c5d54974e3d0bc5ff07127289da2271d8e7e8b5e6
- SHA512
  
  408bff2e98d2b99ab32ac1f25272e0545b48a93bb2f76e607cc5324bf7de39719c52b592fca866b21fae5429b9eadd52302a0c71d93b362cb208435bd485f2d6
- SSDEEP
  
  12288:9SIMAphu8slS6trxCiYdo5NaOIUo4JO3e6Sm2hKcdPpO:9SITo3tkiuofaOZo4kO6SqT
Score

3^/10
behavioral20
- Target
  
  IDA-Pro-main/dbgsrv/mac_server
- Size
  
  773KB
- MD5
  
  e5276e435c81d95a4fd339db9f20bae9
- SHA1
  
  723526e386ef7eaeac42cdba01b58b55c7f35bb0
- SHA256
  
  2e57824aac6cba3bb8a4d7914e3d7595974e070c6b2a19d370ad30ae455c69d9
- SHA512
  
  ddc3b29d9d9b567d617c7152b6994ad5e3f11cf36461bf150a4deafc01edc865a06a24889d6348a0367c25c62a124c0ff12ba3ac7b247bf888d19bc460fdb9d9
- SSDEEP
  
  24576:az5weqqVU1gPZ8u7NpURzYLUTefN0uWMPdv6TjRJwY:azueqqV6+hLUTejdvMJw
Score

1^/10
behavioral21
- Target
  
  IDA-Pro-main/dbgsrv/mac_server64
- Size
  
  754KB
- MD5
  
  0be760e23b791f2939c7aaa96cb58e7a
- SHA1
  
  f0098e1979a88440595fc6faf21eb31ae9f400f3
- SHA256
  
  9a54ba5ed5faf7c1eb1731d601831ce532bb0f5642c06067aaa95d4601bd19ea
- SHA512
  
  4ae702cf67ce24d162a06dd13accf7e278b56884a2b2198c0e5f2d41efc9dfa8f26a49d43ff2f791670e619809806685ef06f99d84ce84b99659c4fcfd2af9c1
- SSDEEP
  
  12288:ytBaV+gglrdoUhuBYqBe+yIFjt8Tyhm17uovfbUZey93qFmtXpUN8zsrXZW6uPV8:ytBq+Vlrdn177vfbUYy93+mjxzsrXVum
Score

1^/10
behavioral22
- Target
  
  IDA-Pro-main/dbgsrv/mac_server_arm64
- Size
  
  737KB
- MD5
  
  94520814d866152512e367c1ca8ad716
- SHA1
  
  94ce19c0910064c5606ef9c2e716128ce5f054f8
- SHA256
  
  c0041c5537ac5db4352c37e3919dba60d2cec2681ec936ee5c3d677b88627389
- SHA512
  
  151a8a55734fda964cc439556578251d6eb7d7016fb83a15640c5145e920f6dcb2d45693705ca2a2b3dd4cadc93a4e2fba51121567aef57dfe62bd3541e40670
- SSDEEP
  
  12288:VFfRetyhX2UukgiIj80Ifi0K6yQLKEeOQB20R9UxJhrv7:7E/k2SqyLKEeOQs0R9UxJhX
Score

1^/10
behavioral23
- Target
  
  IDA-Pro-main/dbgsrv/mac_server_arm64e
- Size
  
  768KB
- MD5
  
  75ff2c7f9deb9694dac5849a9dea2335
- SHA1
  
  a754a9376d67c00e5683009b67d7bf3c4e2cf954
- SHA256
  
  6ca3376ec4d9e94f4935855577ec65926f9d0134d822ddc634d51d5f7dd31388
- SHA512
  
  00d8bda78cf42deec944b6bb56fbd461b933560f21bc7224841158c4b55539e36dcd9fe7edb3b7300063c185d125fb729dc7bf81978bfa2993188bfc76cecd37
- SSDEEP
  
  24576:eN4yOfpCxLge/FaB6D2dhj5cQBBaxJhV:eJrVaB6D2dzBBqJh
Score

1^/10
behavioral24
- Target
  
  IDA-Pro-main/dbgsrv/win32_remote.exe
- Size
  
  713KB
- MD5
  
  ed16388d2796c93b705d6f4c98f16259
- SHA1
  
  b546c201eb04d4ffdd9dd02d0925d7667b286541
- SHA256
  
  4d0782fac17baa4b91c8ec36b2d28398656f9fbd858135be2d418323c1c6648f
- SHA512
  
  ec9060adcfe0a3a9db19692f5f88402838cc6f5a286b34124c38cc9cf6ee45bc57dacedb9f432f5a705040d3af442fe27b02ac23da73452bec8c39cb93022274
- SSDEEP
  
  12288:riygK09BFg1M7J8JjBGYaRCCm0qPZwtY6CpJg4Kg+3PuK3JhJ6LaT/D270gFU:rafOCmzwtY1EfuK3f8LaTb8P
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  IDA-Pro-main/dbgsrv/win64_remote64.exe
- Size
  
  804KB
- MD5
  
  9613938952c5e2991063309982f2ae58
- SHA1
  
  aae4c44ec35960f3729142e0b64edac445d29227
- SHA256
  
  bf229ad6affcd486910c5654e777dc586f7e806d14b1d6613e03dde26359f2cf
- SHA512
  
  9bc1a6b96d577bf7d5b9157ebf64f281326440a2d9dd678205e446b6af81db9bcfb96f6c86e30c37bef683544743953d8ee46f89a3fbaf9f18cc94579c2ad8a5
- SSDEEP
  
  24576:RDe8PcYcOoDekAMNHFZ5AXxu8PcXroThr0:JvXvMHFZmXoa+oT
Score

1^/10
behavioral27 behavioral28
- Target
  
  IDA-Pro-main/ida.dll
- Size
  
  4.1MB
- MD5
  
  d5e960ffde42e89894753b68608442b4
- SHA1
  
  8b901a0ba3d0a36891244ab3bada7ed24e046778
- SHA256
  
  013235cbb26e7d5131b5c589c895beaed595052254f094ece42bc4a77fbc446b
- SHA512
  
  b87f5c55ab59baa224bcd19c4258475bff909c148ab206eea564c8c265d58c57f2d17624fe33a40480048d559c0aa0722f80a4e0ef6ad039c9b9ab11cd470b9c
- SSDEEP
  
  49152:X4ie0OLY7SMEAuDKQ3wNhdaG/GECAXjJVGnEWukv+N3yVYCazzrOPYubrmarAMFU:X4OGejwuXN3y+CqYYuHvq
Score

1^/10
behavioral29 behavioral30
- Target
  
  IDA-Pro-main/ida.exe
- Size
  
  257KB
- MD5
  
  062ed7603d36e3dc4734e52697961972
- SHA1
  
  0a254737a34c14e3963e1420d3a039a5b6fab16d
- SHA256
  
  0ca0a6d4508bd457a7d3a69d6a43168a96eb896dd89c8473665e5fab05a30a6a
- SHA512
  
  68c1583e29ac88575b90b7d4826b8917771c8738afcf7c9e6497a185ba424c3be5e840fe7e4bde8b634d442b9b109c8f8ec00f4ff88800923fb0526e369eec41
- SSDEEP
  
  3072:S4OAN18ZH2Mit33scQBFeUSJyFxTY0Nhv6ZsPV3i6e/GDdiyZ9eAM+PwAU2FuIdu:9Sjk33scYFeUSEFxEkhvFZuG5ZnPtuv
Score

7^/10

persistence vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

VMProtect packed file

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32