industroyer

Resubmissions

21-01-2025 14:18

250121-rmh7dsxnew 6

17-01-2025 12:26

250117-pmb2zaxreq 6

17-01-2025 10:57

250117-m2me5svncl 6

14-01-2025 16:30

250114-tzz2savmfn 10

Sharing

Copy URL

Twitter E-mail

General

Target

IDA Pro 9.0.240925.zip
Size

718.9MB
Sample

250114-tzz2savmfn
MD5

d71c8afea29f753871a1418343df6905
SHA1

d6e936a0956296f18feb75e9ceba222fd34e12cd
SHA256

3627d3266098a60da43acc2cde5657e8fdb28dc762fe8453e7d5e051b92ee999
SHA512

d362f1c598497cade4016c68304ee767dd4c66d2d3765e2b9fbb8fd56c80a56296841ed898b2928fb5f05b13f1e7d2099144ec37a8a4adc6e02dd43b4f71f06b
SSDEEP

12582912:fS02SQJpCm3narhFl3bhfm+POLgS5hrA0AOzGw8FZQCzzwns976zE1nV+AqY:fKSQnz2L1O+POEMhPz8FZqHzED3h

Score

10^/10

Malware Config

Targets

- Target
  
  IDA Pro 9.0.240925/Crack/cracked+lic/ida.dll
- Size
  
  4.5MB
- MD5
  
  841ad6f0752199fbb3e1f0bed7762f62
- SHA1
  
  cdb78c1fb416dd02d8e331c097be547573e75243
- SHA256
  
  93b3014077366c1a4de5a1043a2775d66bc10d00af259b75d630e3393877ad6b
- SHA512
  
  e404d15f3cdd0854a83cd5b46f714c6a5084755623cb084a5b33b36d883fd250395d0410d45b5c871a69898bb18fb24563812e6f218a9ab25047f92b78ef44e1
- SSDEEP
  
  98304:hmjSUcMn/ebzCO46axxM7iFow5732hERu7q+c:8SUca/ebm6qM7iFou732hERuhc
Score

1^/10
behavioral1 behavioral2
- Target
  
  IDA Pro 9.0.240925/Crack/cracked+lic/ida32.dll
- Size
  
  4.4MB
- MD5
  
  7c9ee7bc31f24df6834d875f2c41e889
- SHA1
  
  1600ff7f49f5f46198489a87b9802d648c3c3e4c
- SHA256
  
  8ab79c98e7207832f4ecd0e031dbcf2ffee07c3efd58c94fabdfc5789a9bbe28
- SHA512
  
  a9da9bf4a26b1802434e799504f4d002270458fe9816dd190acf594e1dfda24016f5de6870ed6efc93b1f6ba04edfac50b1e65079f704950e83a9028e5b82227
- SSDEEP
  
  98304:JIVJmgZGXLWHFXF3hVfJKV1KwOS5ywJH5HimN:iVJnZsLWHFBhVfJKV1KwOS5vJHAI
Score

1^/10
behavioral3 behavioral4
- Target
  
  IDA Pro 9.0.240925/Crack/hexvault_client_90_cracked/hv.exe
- Size
  
  406KB
- MD5
  
  05e69072190c403c0e9fba8b815e99fe
- SHA1
  
  dedc6bfebb54d52f4bb41ae25fb822065edc64d6
- SHA256
  
  6f8433f54fd52d59f9ff82607fdac0c73c353794f04b83d05f94f1a3a79ea0b1
- SHA512
  
  dad975cc095286e53d838c23354d4858143f6451609a4515142a9163ba846755642e5289b02610a7b692f923629843ce797d437e7a42ba72562491d30d737665
- SSDEEP
  
  6144:s9iC/o0bsedF4Zbfa9dc5DtpEr27mLmTdToGgUYIfd0Glp3dVAlqghpQ5Hz:s9iCNbsedFcfaDc5zEr2vT6Uz9T3J
Score

1^/10
behavioral5 behavioral6
- Target
  
  IDA Pro 9.0.240925/Crack/hexvault_client_90_cracked/hvui.exe
- Size
  
  2.3MB
- MD5
  
  1a0a84c4ab371d9e0778d36ac5f9078c
- SHA1
  
  18802584bca184d7e1d7cfe0e7bf7a0b779dd81a
- SHA256
  
  77c4e2ff2c043f9f7f00456729def43a714540d67a9f41a1e483ace69d9c1f5f
- SHA512
  
  cce76da22678e011ac0062d15f01416b849b18eb4bdf620b4206705bf32f3fcc926b8adca637014f0e9de0680e049e4755943b1de2205607b30f61afcd49fb7f
- SSDEEP
  
  49152:5WOg92rs25dviAfnbIQdm7G1jjmrkjyJJgLUKoHCzjq:IKRmi1S6dFzjq
Score

1^/10
behavioral7 behavioral8
- Target
  
  IDA Pro 9.0.240925/Crack/hexvault_server_90_cracked/create_links.sh
- Size
  
  180B
- MD5
  
  e100a577c32b605faa9fbfa54efa9fc5
- SHA1
  
  1e555f8abbc2b0785d7ae4b7f46d2661d9054c72
- SHA256
  
  55b3842d221b9471f2ff2ece4a70ebe9f229f3df7a7dd8cf65f0d873de15ee56
- SHA512
  
  a898272aa10178e1a3aa627fd985d6e9930a92b9f8bacb5f9dfac9f3ca11794c3aff85f85a8b38bdc3c5c6d1c123445dbe782a62074e87af7cac496d5a55da20
Score

1^/10
behavioral10 behavioral11 behavioral12 behavioral9
- Target
  
  IDA Pro 9.0.240925/Crack/hexvault_server_90_cracked/ida_teams_admin_guide.pdf
- Size
  
  460KB
- MD5
  
  8189d2feb089ff6c3ce2a47c1288ebbc
- SHA1
  
  b6b8847f05b600f07bdd42a9ccc1cd5e513beb8b
- SHA256
  
  1ade3f9a319eb439b8e1e04da051fdabd35d132cba878cbe5381a0d7265a318f
- SHA512
  
  442356e59196ffce7ea7fbc2342bbc50f81a0aa01552d2d6cdead64e17a0b79a68a838fd00752b07e0c14a8c7b0189dd84615a34d9bcce27f0c638ec52622d08
- SSDEEP
  
  1536:t9IEBIu/MItNJ/1yAuIlJxYs1CyXOh7wX/XOh7wXkUkNUbU5FOeLX3GjnDr4EE3U:kS7Pr4BsGbGeugsLB1t6ZE8tJ+AB4
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  IDA Pro 9.0.240925/Crack/hexvault_server_90_cracked/libmysqlclient.so
- Size
  
  8.8MB
- MD5
  
  3e734f8682186c740f4a9f8de38661f6
- SHA1
  
  78216810b81970fb3723ad7b644ae8bd8b1fe72f
- SHA256
  
  d2cedd3f177e20b5c3d0b8703afc61092ca0599de9dde10fec8d6323464d4f98
- SHA512
  
  3a5018cd2adbf624403d66927317eef06c004c3885e41df81398e677f5ef98aa6773dad8e6c0a965c492c32fd9bb49cf88f521254bdf6259c1bdfc92279b9f20
- SSDEEP
  
  49152:QmbgODkFOZ/kUNLXHFczfObycqH4pcU8OsURJsFEolumo0gJFTP2ymsA4NA2TmZG:lcMTmzkJpsNlFCPrmsA4NAPCOgECmqjZ
Score

1^/10
behavioral15
- Target
  
  IDA Pro 9.0.240925/Crack/hexvault_server_90_cracked/vault_server
- Size
  
  1.8MB
- MD5
  
  b761934076eb675d3805ea110883a034
- SHA1
  
  f9c3b494a27c33b75f1b8ece27e7af4d780fbafe
- SHA256
  
  5930ddecb9fe1c9a4bebac942ab80e0cdff882eae461b994fea10d3a8e1e4bbf
- SHA512
  
  e939ec962513a8de303dbad32a7925b594a5c56f5e531dca868b70641026bb8cfcf9879149c04ff9d54051aad2d427215ba482dfbf570972dd04f03a594e00c6
- SSDEEP
  
  24576:kvvipwjXnwPWB6+praIfAxm/yeTyzkaT7uobh39+zUK9TvEV6Vf52BVPyw:kvapwzVQ6fDylZL+TsV6Vf52HP
Score

1^/10
behavioral16
- Target
  
  IDA Pro 9.0.240925/Crack/hexvault_server_90_cracked/vault_server_orig
- Size
  
  1.8MB
- MD5
  
  154ec7c9f8ac61b275820bd29019819f
- SHA1
  
  dd9b27aff596642acad1992b13ae9152376aefa4
- SHA256
  
  ca95b52be7ec91df892dd17c1f1eb119390ffd1a07551dc70581d3f04b35e393
- SHA512
  
  5a4baf969f8a7648f30e8a12aefab6a7d22497a5d188f7b49695c1d2d7bb7ec5c2babecd19936cbca44eef8967b958ff3a5aacce23d7255709e221cf3f925bd9
- SSDEEP
  
  24576:kvvipwjXnwPWB6+praIfAxm/yeTyzkaT7uobh39+zUK9TvEV6Wf52BVPyw:kvapwzVQ6fDylZL+TsV6Wf52HP
Score

1^/10
behavioral17
- Target
  
  IDA Pro 9.0.240925/Setup/ida-pro_90_x64win.exe
- Size
  
  462.2MB
- MD5
  
  4da7e40d2a099623506e12030fe5bb50
- SHA1
  
  8ca92aaff667df87a0b87e648f40083fd963aca9
- SHA256
  
  e24ae161a8a9d2edde04149c270db3509cb1056841bed0763ae167902f160c9c
- SHA512
  
  687deb439886bcbd25a9128371da6dc1dfaa675e1ec6e5baac13bd33b47cab35664f51576fd7a89baa6bdc86e85e550db9a8dd301de1b2de50079f7d9ebf8892
- SSDEEP
  
  12582912:7QEVt0NU1A9UxtCypOOZsZquwbxvPEvqNQfLblJ/i:7fVt0N+3/ObquGJPpQPlJ/
Score

10^/10

industroyer discovery evasion persistence trojan privilege_escalation
- Industroyer
  Contains code associated with parsing industroyer's configuration file.
- Industroyer family
  industroyer
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral18 behavioral19
- Target
  
  misc/hexlicsrv90_x64linux.run
- Size
  
  6.9MB
- MD5
  
  d99bd6a544b6f53663e96c9bf7fd5574
- SHA1
  
  bba1ee7ada27f86b5d8e3217600ee196e9d51057
- SHA256
  
  ae32a6a19d8b52f8cdd28f76d4f193b72cae921fef68df94433fb44bbd539a8b
- SHA512
  
  09286b725f2b72f38d210722390b1e2422b3d7d48937c7d2af2432b8f0541e4762c804c431938487d1f4a64fa44478d91adb29f139ff96d61b723dbd7d47e1c0
- SSDEEP
  
  98304:UCuSirRlJGo1xWNlSj66wiQpi+SG/2KqPZcVte00XaV42wxI2tLaYaeqFrJ0UI/k:JUcLQ+lOcVtIXaVCxZaYamUI/bli
Score

4^/10

antivm discovery
behavioral20
- Target
  
  misc/hexvault90_x64linux.run
- Size
  
  9.8MB
- MD5
  
  8b32820db3c4b09403f4306c0b446fbb
- SHA1
  
  c02eeabe74346f6b350f2e5a4546a7c7b1134932
- SHA256
  
  0d92350d67b0f53560178119162cba4c43fd7299ad374b9910b7b42cdadc1967
- SHA512
  
  8c6202ec0d2201cb525016436b6c68c71a962da320185fc7cc88c924a4d704bcf63c6437858c407c466e0b5c889a11668d1b7d8d81b15ba3a28c47f62bf460fc
- SSDEEP
  
  196608:JUcAJmB/9dnPeAch9BKdd14/7dtf7/cNtIXaVCxd7U0BUI/blh:JUXgBldnPeph90dCzH7/yVoXUI/Jh
Score

8^/10

antivm credential_access defense_evasion discovery execution persistence
- Modifies password files for system users/ groups
  Modifies files storing password hashes of existing users/ groups, likely to grant additional privileges.
  persistence credential_access defense_evasion
- OS Credential Dumping
  Adversaries may attempt to dump credentials to use it in password cracking.
  credential_access
- Adds a user to the system
behavioral21
- Target
  
  idasdk90/module/m7900/emu.cpp
- Size
  
  6KB
- MD5
  
  89d7f77edae0d317e8380606d8ac95a0
- SHA1
  
  6780e1ee4443549efe4e5a1ba54f85bcbc558bbf
- SHA256
  
  793bdba69a845fe1e50b01b5ea518febb6fc036df14378ead0ad96cc6036cffc
- SHA512
  
  651eea111abbd818dbb0e4986d89ea98423cfe0b8f6405eb0aedfbc58a94c4f92e1a69aeb6344508ff960adcae72f575d4ad621e82567c115dbba31064b9222c
- SSDEEP
  
  192:9zgIv+BRKaah99CDXBK+Lyz31RxvdvrvPaddbfbv4RyxgdvuvVv8vT+v41PvgPZl:v+BRoOg+YFbJLEdbfbvMXJeRATu41ngb
Score

1^/10
behavioral22 behavioral23
- Target
  
  idasdk90/module/mn102/emu.cpp
- Size
  
  3KB
- MD5
  
  9bfe21596d781dedc4a432f4a04689fc
- SHA1
  
  d2a44483202143465b017474523e49047b0fbeca
- SHA256
  
  6983f4fa433ca40bbcc65a45cd02044da5f56bfc1709d2c7b0c74197d2099fa8
- SHA512
  
  2b8393d3cec9a62db2dc6e4dc26ac4dcfa442d9e14fa018bed920741b83f430c16e14b50066954ccc19c13e5d88f83cb5165d8d798f29ad3e9dc41e606b1e117
Score

1^/10
behavioral24 behavioral25
- Target
  
  idasdk90/module/nec850/necv850.hpp
- Size
  
  9KB
- MD5
  
  4332cfbedf522b9e0e9342b0c3b82bce
- SHA1
  
  eae1acad3296b54438be0b90d9aa365c5417f640
- SHA256
  
  0255cce97e0ca6813464827ed4ddcade005eceb086137438335d1af753186ccb
- SHA512
  
  73e76f97211db6c1a77fcde8c4452f3ce78126e3bf31752462892b2f66c86c62553b8a6dad97a8a463f97ac49e5972594d4d4165fa3957ed19ba09ad1694adba
- SSDEEP
  
  192:1ET8tyOghS+iZjpHoF2ioIBWoUgofoAZjWiLQpmh6JytkpdyWqHE:q7cIBJUjQAAiLBkpdyWYE
Score

3^/10

execution
behavioral26 behavioral27
- Target
  
  idasdk90/module/sam8/ana.cpp
- Size
  
  23KB
- MD5
  
  db74eb7d89e1346052004da900d47f6e
- SHA1
  
  0384dd1057168031a1b1c3436abc738aec547be7
- SHA256
  
  14c5fbb266ff55f19e28a221c392d95dfec711a654b5c6dfec82407c74b6753d
- SHA512
  
  b8dc93b0af3cb67447b969097a67fd02af96c6aaf54210360b0be6f3d9c7ef4d67a4e83470a4b0ca54f6cc3d4cb93c15c00f7bd85dd75c34c7625488ad85c01b
- SSDEEP
  
  384:83wk1w5Kd9SEit4r3dAZNMMqR05xsNiZNgmrQOOXOBOZO2N88en+Nw:8hd9SEiGr3dAZN7qR05xsNiZNgmrQOOI
Score

1^/10
behavioral28 behavioral29
- Target
  
  idasdk90/module/sam8/emu.cpp
- Size
  
  4KB
- MD5
  
  dde8b5166503c0643d507cee766ead77
- SHA1
  
  db05688601ca62141a6701f7232da59f1b683161
- SHA256
  
  37e7b900e35494de8d7852face0d39e221063865fe17447582234231d017bcd6
- SHA512
  
  b55b5056fa95d4cd36ef5083f9c04e1c36fcb57c650eff927355171635a198df50e92e76f43e280a245b1effa2eaa478bf1b4da63178e3702c6c1c807fa9c411
- SSDEEP
  
  96:ZHwazJfE3u635OCaPeeOh4PeeJjQeJlh3ZBtcfJZiJzXDQlP0x3FM3zK:ZHlFwnYCaPk+PdJxAhYalcx3EK
Score

1^/10
behavioral30 behavioral31
- Target
  
  idasdk90/module/script/ebc.py
- Size
  
  52KB
- MD5
  
  3b6b6269ee5aa5328ce951528839b737
- SHA1
  
  d0d15f989ac141bdfd414ba054ba2d61826d7016
- SHA256
  
  ac6abeaf7d1e1b244ee6a265da786d75a7e2cc14071067b9d22ad3cac427f65b
- SHA512
  
  c0b7cfd41a579537a88cfdc22679042fac18679ec5da955a45aac386b307bfceb553ff69c3ea7ed78594c5d37d3961c901921e9262359a6555394a0f868b3928
- SSDEEP
  
  384:7LtcnGVRW0KDzUAHBgG9B9oDO2sOCMzPEGdVJtqLF8U8qZtZSrmpcTqnZrBUZn+F:7LtcnGVRW0KDYAhgG9BwzzLJa
Score

3^/10

discovery
behavioral32