General
- Target: file.exe
- Size: 798KB
- Sample: 221022-y4f7paeeg7
- MD5: f22767b6260d5c30146637eb8bb602c8
- SHA1: f9172f701a0c3957af1801e25951d6cd154e67ec
- SHA256: 8982e072b2b380555b308d7180ee08b36e524907668b0f6f98f9136bbe93ac13
- SHA512: 749174038409ad519527ae2f29200a1cc9a0ddd6d767e7d15f43053e9e6bb33578bce8739305aaf1e26ef34de1a0afb914bbe19a9a0ea6fc8036a8bee714da9b
- SSDEEP: 3072:lahKyd2n3165U1SXdkLPdf/RVJzKEANr8qkCr:lahO7IsRVJz0rO
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: file.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: icexloader
- http://stealthelite.one/magnumopus/Script.php
Targets
- Target: file.exe
- Size: 798KB
Score: 10/10
- Detects IceXLoader v3.0
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Adds Run key to start application
- Suspicious use of SetThreadContext