Overview

overview

10

Static

static

b603ce4a15...41.exe

windows7-x64

10

b603ce4a15...41.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b603ce4a15e89ee253d97c1b1deb4941.exe

  • Size

    1.1MB

  • Sample

    220810-rey8msdac8

  • MD5

    b603ce4a15e89ee253d97c1b1deb4941

  • SHA1

    9a436e302870bbb2460fb6824333a170df577b95

  • SHA256

    678c05e87b07f6f9a979ae0f032956baf9ccb338aec4b50af77284d62fc97688

  • SHA512

    3e82f7b6db17b094543e5e29d6c11c643b403809ff3ea6f541b71a778c498664afe63e1a5196b1c2d058233cfad3fd88851629490809d3234a0ca9f1787d2f93

Score
10/10
icexloaderloaderpersistence

Malware Config

Targets

    • Target

      b603ce4a15e89ee253d97c1b1deb4941.exe

    • Size

      1.1MB

    • MD5

      b603ce4a15e89ee253d97c1b1deb4941

    • SHA1

      9a436e302870bbb2460fb6824333a170df577b95

    • SHA256

      678c05e87b07f6f9a979ae0f032956baf9ccb338aec4b50af77284d62fc97688

    • SHA512

      3e82f7b6db17b094543e5e29d6c11c643b403809ff3ea6f541b71a778c498664afe63e1a5196b1c2d058233cfad3fd88851629490809d3234a0ca9f1787d2f93

    Score
    10/10
    icexloaderloaderpersistence

    • Detects IceXLoader v3.0

    • icexloader

      IceXLoader is a downloader used to deliver other malware families.

      loadericexloader

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks