54e1a23fcecd8901dcadcc4aa574b604948f3e01d38b7d0741cd3663c9e261a1 | Triage

Sharing

General

Target

2024-09-19_d6f9bb4ad6bb045f2b7489a06dbada50_hijackloader_icedid
Size

10.6MB
Sample

240919-d86ypazark
MD5

d6f9bb4ad6bb045f2b7489a06dbada50
SHA1

09ac7992b59dbdb1e84fd867b9cb98b5dcb04776
SHA256

54e1a23fcecd8901dcadcc4aa574b604948f3e01d38b7d0741cd3663c9e261a1
SHA512

5c3edf37be6de4fe2eb44193faa2fe8a557332ba2c144c556f74e6e9c78573dfcb27bf38de6fa2bce514ebd6bb58d1898b9536d467a937a0e3037c80e78a5495
SSDEEP

98304:Xe5x6c1O47IwwdocoYoBloAoPHbsDuxm9pZxwgqWQtZ/K0tGOFWVRuLftCT:wGdJl0lZDDusxeWyZ/K0ttYVAAT

Score

8^/10

discovery persistence ransomware

Malware Config

Targets

- Target
  
  2024-09-19_d6f9bb4ad6bb045f2b7489a06dbada50_hijackloader_icedid
- Size
  
  10.6MB
- MD5
  
  d6f9bb4ad6bb045f2b7489a06dbada50
- SHA1
  
  09ac7992b59dbdb1e84fd867b9cb98b5dcb04776
- SHA256
  
  54e1a23fcecd8901dcadcc4aa574b604948f3e01d38b7d0741cd3663c9e261a1
- SHA512
  
  5c3edf37be6de4fe2eb44193faa2fe8a557332ba2c144c556f74e6e9c78573dfcb27bf38de6fa2bce514ebd6bb58d1898b9536d467a937a0e3037c80e78a5495
- SSDEEP
  
  98304:Xe5x6c1O47IwwdocoYoBloAoPHbsDuxm9pZxwgqWQtZ/K0tGOFWVRuLftCT:wGdJl0lZDDusxeWyZ/K0ttYVAAT
Score

8^/10

discovery persistence ransomware
- Drops file in Drivers directory
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistenceransomware