bc4c37e50ad9422f7205692843e2cee27a49a37aaf0e5ea1da25eea9f5eb3c6b | Triage

Sharing

General

Target

2024-08-21_c3dd3056e28b1ab3e7c6f2e4b02196e6_icedid
Size

5.8MB
Sample

240821-v155vs1fke
MD5

c3dd3056e28b1ab3e7c6f2e4b02196e6
SHA1

20e0f8d694300a2572cb4be17dbbdad5edd5ed98
SHA256

bc4c37e50ad9422f7205692843e2cee27a49a37aaf0e5ea1da25eea9f5eb3c6b
SHA512

5eb907d85987a04ca3fe0d73d43d2ec867394d3c30d2cebb2c466e27dffad68833c0594c5c7a48be0b645638affd91cf8b21ebc3eda1891d01fecaa083665cfa
SSDEEP

98304:Xe5x6c1L7IwwcFhHZhkHbsDuco4FD+5MyKht:w2yh/DucNXh

Score

8^/10

discovery persistence ransomware

Malware Config

Targets

- Target
  
  2024-08-21_c3dd3056e28b1ab3e7c6f2e4b02196e6_icedid
- Size
  
  5.8MB
- MD5
  
  c3dd3056e28b1ab3e7c6f2e4b02196e6
- SHA1
  
  20e0f8d694300a2572cb4be17dbbdad5edd5ed98
- SHA256
  
  bc4c37e50ad9422f7205692843e2cee27a49a37aaf0e5ea1da25eea9f5eb3c6b
- SHA512
  
  5eb907d85987a04ca3fe0d73d43d2ec867394d3c30d2cebb2c466e27dffad68833c0594c5c7a48be0b645638affd91cf8b21ebc3eda1891d01fecaa083665cfa
- SSDEEP
  
  98304:Xe5x6c1L7IwwcFhHZhkHbsDuco4FD+5MyKht:w2yh/DucNXh
Score

8^/10

discovery persistence ransomware
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistenceransomware