5987e288977fbaf685f2f08dd6605600419e20686f3165610faafb622a1f56c3 | Triage

Sharing

General

Target

2024-09-18_141557d06217a4bef5fd7a5aac253d53_icedid
Size

11.3MB
Sample

240918-kzge1atblq
MD5

141557d06217a4bef5fd7a5aac253d53
SHA1

47bf541f1d8d15dfb65f8953bc44e6666b194adc
SHA256

5987e288977fbaf685f2f08dd6605600419e20686f3165610faafb622a1f56c3
SHA512

29bdcba0c54e17899946a77394e264d169bc7a89224840aa2b0dcc200f76e8d0636134dbd5fac01ed6197a23fa355bec69c0ed590cc20d2d6cb28db2ac4d6e36
SSDEEP

196608:AiNxtnxjs3TehREvuxiNxtnxjs3TehREvuS:pjlcT7vnjlcT7vz

Score

8^/10

discovery persistence ransomware

Malware Config

Targets

- Target
  
  2024-09-18_141557d06217a4bef5fd7a5aac253d53_icedid
- Size
  
  11.3MB
- MD5
  
  141557d06217a4bef5fd7a5aac253d53
- SHA1
  
  47bf541f1d8d15dfb65f8953bc44e6666b194adc
- SHA256
  
  5987e288977fbaf685f2f08dd6605600419e20686f3165610faafb622a1f56c3
- SHA512
  
  29bdcba0c54e17899946a77394e264d169bc7a89224840aa2b0dcc200f76e8d0636134dbd5fac01ed6197a23fa355bec69c0ed590cc20d2d6cb28db2ac4d6e36
- SSDEEP
  
  196608:AiNxtnxjs3TehREvuxiNxtnxjs3TehREvuS:pjlcT7vnjlcT7vz
Score

8^/10

discovery persistence ransomware
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistenceransomware