11f78823e017c2f867d2ff3b7927b545fd07d31706ee2a11198a559e365f4d44 | Triage

Sharing

General

Target

2024-08-22_12e1a06ef64861d6e7f1030d97caafee_icedid
Size

7.4MB
Sample

240822-jamp2sveka
MD5

12e1a06ef64861d6e7f1030d97caafee
SHA1

0e63bebe4de9687ee64f5c2ce9434f3ef2963fa0
SHA256

11f78823e017c2f867d2ff3b7927b545fd07d31706ee2a11198a559e365f4d44
SHA512

72aacc0a9b5108dcb2723a4b8df884fee21c3fa52c947d5c62f477d898e90403e513deaf34b512bd7c2ead152b46e2abf3c5ebe80891f2a5c73dae2bc70ed1b0
SSDEEP

98304:Xe5x6c1BSo+o6XdNhS9Yw8OENhS9Yw8y:wlSOA7wzSwf

Score

8^/10

discovery persistence ransomware

Malware Config

Targets

- Target
  
  2024-08-22_12e1a06ef64861d6e7f1030d97caafee_icedid
- Size
  
  7.4MB
- MD5
  
  12e1a06ef64861d6e7f1030d97caafee
- SHA1
  
  0e63bebe4de9687ee64f5c2ce9434f3ef2963fa0
- SHA256
  
  11f78823e017c2f867d2ff3b7927b545fd07d31706ee2a11198a559e365f4d44
- SHA512
  
  72aacc0a9b5108dcb2723a4b8df884fee21c3fa52c947d5c62f477d898e90403e513deaf34b512bd7c2ead152b46e2abf3c5ebe80891f2a5c73dae2bc70ed1b0
- SSDEEP
  
  98304:Xe5x6c1BSo+o6XdNhS9Yw8OENhS9Yw8y:wlSOA7wzSwf
Score

8^/10

discovery persistence ransomware
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistenceransomware