Overview

overview

10

Static

static

1

ida-pro_90_x64win.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ida-pro_90_x64win.exe

  • Size

    462.2MB

  • Sample

    250117-rg9gds1law

  • MD5

    4da7e40d2a099623506e12030fe5bb50

  • SHA1

    8ca92aaff667df87a0b87e648f40083fd963aca9

  • SHA256

    e24ae161a8a9d2edde04149c270db3509cb1056841bed0763ae167902f160c9c

  • SHA512

    687deb439886bcbd25a9128371da6dc1dfaa675e1ec6e5baac13bd33b47cab35664f51576fd7a89baa6bdc86e85e550db9a8dd301de1b2de50079f7d9ebf8892

  • SSDEEP

    12582912:7QEVt0NU1A9UxtCypOOZsZquwbxvPEvqNQfLblJ/i:7fVt0N+3/ObquGJPpQPlJ/

Score
10/10
industroyerdiscoveryevasionpersistenceprivilege_escalationtrojan

Malware Config

Targets

    • Target

      ida-pro_90_x64win.exe

    • Size

      462.2MB

    • MD5

      4da7e40d2a099623506e12030fe5bb50

    • SHA1

      8ca92aaff667df87a0b87e648f40083fd963aca9

    • SHA256

      e24ae161a8a9d2edde04149c270db3509cb1056841bed0763ae167902f160c9c

    • SHA512

      687deb439886bcbd25a9128371da6dc1dfaa675e1ec6e5baac13bd33b47cab35664f51576fd7a89baa6bdc86e85e550db9a8dd301de1b2de50079f7d9ebf8892

    • SSDEEP

      12582912:7QEVt0NU1A9UxtCypOOZsZquwbxvPEvqNQfLblJ/i:7fVt0N+3/ObquGJPpQPlJ/

    Score
    10/10
    industroyerdiscoveryevasionpersistenceprivilege_escalationtrojan

    • Industroyer

      Contains code associated with parsing industroyer's configuration file.

    • Industroyer family

      industroyer

    • Adds Run key to start application

      persistence

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

Peripheral Device Discovery

2
T1120

Query Registry

5
T1012

System Information Discovery

6
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.