industroyer | 512f4e391f2c99a528cbc858a75325d0acc80156ca575fe8ea5f0df6e20f29a8 | Triage

Sharing

General

Target

20240917-2337_f7b60fd7742955bb72c2415d42c6d87f.tgz
Size

451.6MB
Sample

250225-mw36pstrt5
MD5

71fd968bd90c7dfe28c201b1ab8ef5fd
SHA1

a3a73a2521d3ff887c0a4ea69f7975ef22d7ac82
SHA256

512f4e391f2c99a528cbc858a75325d0acc80156ca575fe8ea5f0df6e20f29a8
SHA512

bb7e5470b7897dceaa22547851f44768013b17c6babd9271413ca7e39673a8902ae4b3ebeb76fa03d9f2e8fcb15633eadf82b02be5289c9cd0d70a082da960f4
SSDEEP

12582912:0Nm279LYTXKIuyEytQKbW685CaXNqyEsQpQi:P27VYTXduyEyVaItpt

Score

10^/10

industroyer defense_evasion discovery trojan

Malware Config

Targets

- Target
  
  IDAPro_9.0_Setup_&_Crack/idapro_90_x64win.exe
- Size
  
  462.9MB
- MD5
  
  18565723b9ebc49e042c6f80bb9f5c1e
- SHA1
  
  890b5dc50e4b8bd4e50e21a3f104852e7e7e1a86
- SHA256
  
  4058fb9bdb56658b82ed2b4d1d5bafd45fbfd4cecb671d7cb4087352bf6f2155
- SHA512
  
  d0c707f909fe7a3583797a8e2bdf93f52b985080b7ca65a200fdcec361b3ddaa876e6b45ee59a6eb9b7646a486665f7e121eff5b3c07f9606cbd26a068f6eaa7
- SSDEEP
  
  12582912:1z5tDgM1g2NU1A9FxtCypOOZsZquwbxvPEvqNFLblJ/i:1z5tssg2N+K/ObquGJPpVlJ/
Score

10^/10

industroyer defense_evasion discovery trojan
- Industroyer
  Contains code associated with parsing industroyer's configuration file.
- Industroyer family
  industroyer
behavioral1
- Target
  
  IDAPro_9.0_Setup_&_Crack/patcher.exe
- Size
  
  5.4MB
- MD5
  
  4f02273679acc5106434155362a08d97
- SHA1
  
  66f26df0891466b6bc050219faa050f66b5e896f
- SHA256
  
  95c3e515f6b82307f42bda326b354154f2ad0a0752ccab404f2b22ca9e14748f
- SHA512
  
  d61e5bdb6316a37c1b33641a32ee434dc4847cbe8ebfa5f30ddaef563ea79fdd0e9e50f5f9ff8b6d3bc879e741b1a4df02b1e09ecd8797c1bb26aad80f2a4835
- SSDEEP
  
  98304:AB5+0iZJ8i4nSJPwYmFvKH+lwzIgH/Pf+XBRq732SIo4lkY7wtzqNS:ABAv5JPwYm1Ke98/eXbi7JYktzqN
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

industroyerdefense_evasiondiscoverytrojan

behavioral2