Extracted

• • Target

    file

  • Size

    798KB

  • MD5

    f22767b6260d5c30146637eb8bb602c8

  • SHA1

    f9172f701a0c3957af1801e25951d6cd154e67ec

  • SHA256

    8982e072b2b380555b308d7180ee08b36e524907668b0f6f98f9136bbe93ac13

  • SHA512

    749174038409ad519527ae2f29200a1cc9a0ddd6d767e7d15f43053e9e6bb33578bce8739305aaf1e26ef34de1a0afb914bbe19a9a0ea6fc8036a8bee714da9b

  • SSDEEP

    3072:lahKyd2n3165U1SXdkLPdf/RVJzKEANr8qkCr:lahO7IsRVJz0rO

  Score

  10^/10

  persistenceicexloaderloader

  • Detects IceXLoader v3.0

  • icexloader

    IceXLoader is a downloader used to deliver other malware families.

    loadericexloader

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2