c28461f20cec02e9c32e5f916d6a691a052e8ebb01528ab381dc3f56198c86e6 | Triage

Sharing

General

Target

2024-09-02_20a76fa87be38a19c1d9e3c016006852_icedid
Size

22.3MB
Sample

240902-3e8yma1fkg
MD5

20a76fa87be38a19c1d9e3c016006852
SHA1

5c0587f461496631a7cde9093e2c0753a56a1685
SHA256

c28461f20cec02e9c32e5f916d6a691a052e8ebb01528ab381dc3f56198c86e6
SHA512

82c4a0b42a89cd252ad83dda91cdbffafacc3eb07ac9a39e3e70e5b59310420d1f29e9bec35c862ae9742664853a922edb3e28928e8a90ea3d410d3d89c68c45
SSDEEP

196608:wpfDuPhas3TehREvExspfDuPhas3TehREvEx/DV1:EfMccT7vESfMccT7vEZf

Score

8^/10

discovery persistence ransomware

Malware Config

Targets

- Target
  
  2024-09-02_20a76fa87be38a19c1d9e3c016006852_icedid
- Size
  
  22.3MB
- MD5
  
  20a76fa87be38a19c1d9e3c016006852
- SHA1
  
  5c0587f461496631a7cde9093e2c0753a56a1685
- SHA256
  
  c28461f20cec02e9c32e5f916d6a691a052e8ebb01528ab381dc3f56198c86e6
- SHA512
  
  82c4a0b42a89cd252ad83dda91cdbffafacc3eb07ac9a39e3e70e5b59310420d1f29e9bec35c862ae9742664853a922edb3e28928e8a90ea3d410d3d89c68c45
- SSDEEP
  
  196608:wpfDuPhas3TehREvExspfDuPhas3TehREvEx/DV1:EfMccT7vESfMccT7vEZf
Score

8^/10

discovery persistence ransomware
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistenceransomware