Overview

overview

10

Static

static

10

Opus.exe

windows7-x64

10

Opus.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Opus.exe

  • Size

    348KB

  • Sample

    221109-zpkf8sdgcm

  • MD5

    96bdd68cfa84ba3d7390b4e172837370

  • SHA1

    f3f5908c8138881e04db463a78172ca510073788

  • SHA256

    0911819d0e050ddc5884ea40b4b39a716a7ef8de0179d0dfded9f043546cede9

  • SHA512

    17775d7dbf6776620f59a0a2f4ea2753a4ddf39a9b05e7f2d28dae2e48a809c8aa30382d5fdddff70c76d948f6a1991a1585271e3b820576feb18825b178f4b0

  • SSDEEP

    6144:cbslI7IBoZ1jMYORbxV9b+WvHfyVQhAyPl//2:cbvII1MtD+WffyVQhAyPl//2

Score
10/10
icexloaderloaderpersistence

Malware Config

Extracted

Family

icexloader

C2

http://stealthelite.one/magnumopus/Script.php

Targets

    • Target

      Opus.exe

    • Size

      348KB

    • MD5

      96bdd68cfa84ba3d7390b4e172837370

    • SHA1

      f3f5908c8138881e04db463a78172ca510073788

    • SHA256

      0911819d0e050ddc5884ea40b4b39a716a7ef8de0179d0dfded9f043546cede9

    • SHA512

      17775d7dbf6776620f59a0a2f4ea2753a4ddf39a9b05e7f2d28dae2e48a809c8aa30382d5fdddff70c76d948f6a1991a1585271e3b820576feb18825b178f4b0

    • SSDEEP

      6144:cbslI7IBoZ1jMYORbxV9b+WvHfyVQhAyPl//2:cbvII1MtD+WffyVQhAyPl//2

    Score
    10/10
    icexloaderloaderpersistence

    • Detects IceXLoader v3.0

    • icexloader

      IceXLoader is a downloader used to deliver other malware families.

      loadericexloader

    • Executes dropped EXE

    • Deletes itself

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks