icexloader | 0feba92ff632640e738c770d3eb69ee1e287a54fb86c50bbcd2d0a9114b8539c | Triage

Submit
Reports

Overview

overview

Static

static

0feba92ff6...in.exe

windows7-x64

0feba92ff6...in.exe

windows10-2004-x64

Sharing

General

Target

0feba92ff632640e738c770d3eb69ee1e287a54fb86c50bbcd2d0a9114b8539c.bin.exe
Size

388KB
Sample

221110-bf3z8afcen
MD5

dc3da04d1159f3db53d4e205d214edb2
SHA1

169892fe651e572a0a50708dfd06201d42f57662
SHA256

0feba92ff632640e738c770d3eb69ee1e287a54fb86c50bbcd2d0a9114b8539c
SHA512

fcb2a1b54493f8935d9b71e28209f6c48bfe375acfbb7664cf1ff6e39595e8b1dfed6173d440b2749a44bbb490a848ca52daaad1145ec0a63a9965b11ec29d5d
SSDEEP

6144:k9rI7T8AzZV2MYORbAV9bQdnXgfyVQhAyPlb/F+bs7:LIkEMtiQdwfyVQhAyPlb/wby

Score

10^/10

icexloader neshta loader persistence spyware stealer

Static task

static1

icexloader neshta

4 signatures

Behavioral task

behavioral1

Sample

0feba92ff632640e738c770d3eb69ee1e287a54fb86c50bbcd2d0a9114b8539c.bin.exe

Resource

win7-20220812-en

icexloader neshta loader persistence spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

0feba92ff632640e738c770d3eb69ee1e287a54fb86c50bbcd2d0a9114b8539c.bin.exe

Resource

win10v2004-20220901-en

icexloader neshta loader persistence spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

icexloader

C2

http://iceten.top/icex/Script.php

Targets

- Target
  
  0feba92ff632640e738c770d3eb69ee1e287a54fb86c50bbcd2d0a9114b8539c.bin.exe
- Size
  
  388KB
- MD5
  
  dc3da04d1159f3db53d4e205d214edb2
- SHA1
  
  169892fe651e572a0a50708dfd06201d42f57662
- SHA256
  
  0feba92ff632640e738c770d3eb69ee1e287a54fb86c50bbcd2d0a9114b8539c
- SHA512
  
  fcb2a1b54493f8935d9b71e28209f6c48bfe375acfbb7664cf1ff6e39595e8b1dfed6173d440b2749a44bbb490a848ca52daaad1145ec0a63a9965b11ec29d5d
- SSDEEP
  
  6144:k9rI7T8AzZV2MYORbAV9bQdnXgfyVQhAyPlb/F+bs7:LIkEMtiQdwfyVQhAyPlb/wby
Score

10^/10

icexloader neshta loader persistence spyware stealer
- Detects IceXLoader v3.0
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- icexloader
  IceXLoader is a downloader used to deliver other malware families.
  loader icexloader
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

icexloaderneshta

behavioral1

icexloaderneshtaloaderpersistencespywarestealer

behavioral2

icexloaderneshtaloaderpersistencespywarestealer

© 2018-2025

Terms | Privacy