icexloader | 2ce02f14a85c2642cf3ac002fea418a3f5320d0de0cc065f0b0f1bfdf339cb59 | Triage

Sharing

General

Target

2ce02f14a85c2642cf3ac002fea418a3f5320d0de0cc065f0b0f1bfdf339cb59.bin.exe
Size

348KB
Sample

221110-bf3z8adef8
MD5

d6b21df8cae11de41a09ddc530a42c19
SHA1

17bf628c1ac85079b96638aad0ea0e74efe7f1d7
SHA256

2ce02f14a85c2642cf3ac002fea418a3f5320d0de0cc065f0b0f1bfdf339cb59
SHA512

9f209f1fa036ca59dce5ae4c6a4ce1ebcaf9fa4c2e000089936ca6ea1f290b5f9653ac69f57b12d4cd0a35b1e15a874269b6ad303a1333769df77dd24bbbdcc3
SSDEEP

6144:XbslI7T8AzZV2MYORbAV9bQdnXgfyVQhAyPlb/2:XbvIkEMtiQdwfyVQhAyPlb/2

Score

10^/10

icexloader loader persistence

Malware Config

Extracted

Family

icexloader

C2

http://iceten.top/icex/Script.php

Targets

- Target
  
  2ce02f14a85c2642cf3ac002fea418a3f5320d0de0cc065f0b0f1bfdf339cb59.bin.exe
- Size
  
  348KB
- MD5
  
  d6b21df8cae11de41a09ddc530a42c19
- SHA1
  
  17bf628c1ac85079b96638aad0ea0e74efe7f1d7
- SHA256
  
  2ce02f14a85c2642cf3ac002fea418a3f5320d0de0cc065f0b0f1bfdf339cb59
- SHA512
  
  9f209f1fa036ca59dce5ae4c6a4ce1ebcaf9fa4c2e000089936ca6ea1f290b5f9653ac69f57b12d4cd0a35b1e15a874269b6ad303a1333769df77dd24bbbdcc3
- SSDEEP
  
  6144:XbslI7T8AzZV2MYORbAV9bQdnXgfyVQhAyPlb/2:XbvIkEMtiQdwfyVQhAyPlb/2
Score

10^/10

icexloader loader persistence
- icexloader
  IceXLoader is a downloader used to deliver other malware families.
  loader icexloader
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icexloaderloaderpersistence

behavioral2

icexloaderloaderpersistence