Overview

overview

10

Static

static

file.exe

windows7-x64

8

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    798KB

  • Sample

    221022-y4f7paeeg7

  • MD5

    f22767b6260d5c30146637eb8bb602c8

  • SHA1

    f9172f701a0c3957af1801e25951d6cd154e67ec

  • SHA256

    8982e072b2b380555b308d7180ee08b36e524907668b0f6f98f9136bbe93ac13

  • SHA512

    749174038409ad519527ae2f29200a1cc9a0ddd6d767e7d15f43053e9e6bb33578bce8739305aaf1e26ef34de1a0afb914bbe19a9a0ea6fc8036a8bee714da9b

  • SSDEEP

    3072:lahKyd2n3165U1SXdkLPdf/RVJzKEANr8qkCr:lahO7IsRVJz0rO

Score
10/10
icexloaderloaderpersistence

Malware Config

Extracted

Family

icexloader

C2

http://stealthelite.one/magnumopus/Script.php

Targets

    • Target

      file.exe

    • Size

      798KB

    • MD5

      f22767b6260d5c30146637eb8bb602c8

    • SHA1

      f9172f701a0c3957af1801e25951d6cd154e67ec

    • SHA256

      8982e072b2b380555b308d7180ee08b36e524907668b0f6f98f9136bbe93ac13

    • SHA512

      749174038409ad519527ae2f29200a1cc9a0ddd6d767e7d15f43053e9e6bb33578bce8739305aaf1e26ef34de1a0afb914bbe19a9a0ea6fc8036a8bee714da9b

    • SSDEEP

      3072:lahKyd2n3165U1SXdkLPdf/RVJzKEANr8qkCr:lahO7IsRVJz0rO

    Score
    10/10
    persistenceicexloaderloader

    • Detects IceXLoader v3.0

    • icexloader

      IceXLoader is a downloader used to deliver other malware families.

      loadericexloader

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.