industroyer | 9c85fae6b334bb652543d2a82772301f93149491073f3d362f711cab31719f11 | Triage

Submit
Reports

Overview

overview

Static

static

1

ida-pro_90...in.exe

windows11-21h2-x64

Sharing

General

Target

ida-pro_90sp1_x64win.exe
Size

462.5MB
Sample

250123-tr8c7awqhn
MD5

57caca01f05c181d57d238a36c8ce0fa
SHA1

0aca1d58d172c8b3cb8d4facb9c03bfb10d0f5d3
SHA256

9c85fae6b334bb652543d2a82772301f93149491073f3d362f711cab31719f11
SHA512

028441c8f1b610bf9ae78e9a5571b0f498dda809af3b20686bcac023fa9683569dd4df23ab473c03e3bdd15706265cace4599eecf1c5bf5099e68d45abd9de1f
SSDEEP

12582912:Cj3sAitGNU1A9rxtCypOOZsZquwbxvPEvqNKLblJ/i:CjcAitGN+I/ObquGJPpOlJ/

Score

10^/10

industroyer defense_evasion discovery persistence privilege_escalation trojan

Static task

static1

Behavioral task

behavioral1

Sample

ida-pro_90sp1_x64win.exe

Resource

win11-20241007-en

industroyer defense_evasion discovery persistence privilege_escalation trojan

windows11-21h2-x64

31 signatures

900 seconds

Malware Config

Targets

- Target
  
  ida-pro_90sp1_x64win.exe
- Size
  
  462.5MB
- MD5
  
  57caca01f05c181d57d238a36c8ce0fa
- SHA1
  
  0aca1d58d172c8b3cb8d4facb9c03bfb10d0f5d3
- SHA256
  
  9c85fae6b334bb652543d2a82772301f93149491073f3d362f711cab31719f11
- SHA512
  
  028441c8f1b610bf9ae78e9a5571b0f498dda809af3b20686bcac023fa9683569dd4df23ab473c03e3bdd15706265cace4599eecf1c5bf5099e68d45abd9de1f
- SSDEEP
  
  12582912:Cj3sAitGNU1A9rxtCypOOZsZquwbxvPEvqNKLblJ/i:CjcAitGN+I/ObquGJPpOlJ/
Score

10^/10

industroyer defense_evasion discovery persistence privilege_escalation trojan
- Industroyer
  Contains code associated with parsing industroyer's configuration file.
- Industroyer family
  industroyer
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

industroyerdefense_evasiondiscoverypersistenceprivilege_escalationtrojan

© 2018-2025

Terms | Privacy