industroyer | eb439c140577beb70515e543f4e6b9a3f0b51f25d2c23db8da8c09b37d8fe472 | Triage

Submit
Reports

Overview

overview

Static

static

6

IDA Pro 9....up.exe

windows7-x64

IDA Pro 9....up.exe

windows10-2004-x64

Sharing

General

Target

IDA_Pro_9.0.240925_SoftGozar.com.rar
Size

728.1MB
Sample

241212-3kz8ns1mdw
MD5

61b898a245b45a281a1665e157bb4103
SHA1

a8ce85f81ae979bd46fb5b53e6a0abcb248db65b
SHA256

eb439c140577beb70515e543f4e6b9a3f0b51f25d2c23db8da8c09b37d8fe472
SHA512

0df0f027743cd5b38ab2a29437a2bde516cd521cb4701c7d151ea85aa03a6277e0eef658dd09572a496794bb813fe39f59839258b7ca52728238d725e69abc1e
SSDEEP

12582912:uzzwns9eyNUK7bYBP6j8PW9ubVDETTEk34/EJr86zE1nV+Aqhw2:ZFyN5bm6QbVwPJ4/WrTzED3Ar

Score

10^/10

industroyer discovery evasion link pdf persistence privilege_escalation trojan

Static task

static1

pdf link evasion

4 signatures

Behavioral task

behavioral1

Sample

IDA Pro 9.0.240925/Setup.exe

Resource

win7-20240903-en

industroyer discovery evasion persistence trojan

windows7-x64

14 signatures

600 seconds

Behavioral task

behavioral2

Sample

IDA Pro 9.0.240925/Setup.exe

Resource

win10v2004-20241007-en

industroyer discovery evasion persistence privilege_escalation trojan

windows10-2004-x64

29 signatures

600 seconds

Malware Config

Targets

- Target
  
  IDA Pro 9.0.240925/Setup.exe
- Size
  
  462.2MB
- MD5
  
  4da7e40d2a099623506e12030fe5bb50
- SHA1
  
  8ca92aaff667df87a0b87e648f40083fd963aca9
- SHA256
  
  e24ae161a8a9d2edde04149c270db3509cb1056841bed0763ae167902f160c9c
- SHA512
  
  687deb439886bcbd25a9128371da6dc1dfaa675e1ec6e5baac13bd33b47cab35664f51576fd7a89baa6bdc86e85e550db9a8dd301de1b2de50079f7d9ebf8892
- SSDEEP
  
  12582912:7QEVt0NU1A9UxtCypOOZsZquwbxvPEvqNQfLblJ/i:7fVt0N+3/ObquGJPpQPlJ/
Score

10^/10

industroyer discovery evasion persistence trojan privilege_escalation
- Industroyer
  Contains code associated with parsing industroyer's configuration file.
- Industroyer family
  industroyer
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

industroyerdiscoveryevasionpersistencetrojan

behavioral2

industroyerdiscoveryevasionpersistenceprivilege_escalationtrojan

© 2018-2025

Terms | Privacy