icexloader | 29c7d7d36a0c8acec88ff7aa34adc0f9240270a85e330fd2336408e1f0d52c21 | Triage

Sharing

General

Target

29c7d7d36a0c8acec88ff7aa34adc0f9240270a85e330fd2336408e1f0d52c21.bin.exe
Size

347KB
Sample

221110-bf3z8afcep
MD5

799a7f1507e5e7328081a038987e9a6f
SHA1

7cd8dce5c61cda4e13b5865b67a7fb846ef9a627
SHA256

29c7d7d36a0c8acec88ff7aa34adc0f9240270a85e330fd2336408e1f0d52c21
SHA512

a3f5a920dd53d31facb81fc5842654e53ad53d3bf6a0f935e9b152540a4b42e9a7da6e56e1243f914854ad0d1611646b8e98fe6ef725dff48c96715cdcc68197
SSDEEP

6144:ibslI7wgOZ1WMYORbmV9bAq11yVQhAyPl7/s:ibvwBEMtQAM1yVQhAyPl7/s

Score

10^/10

icexloader persistence

Malware Config

Extracted

Family

icexloader

C2

http://45.155.165.151/Server/Script.php

Targets

- Target
  
  29c7d7d36a0c8acec88ff7aa34adc0f9240270a85e330fd2336408e1f0d52c21.bin.exe
- Size
  
  347KB
- MD5
  
  799a7f1507e5e7328081a038987e9a6f
- SHA1
  
  7cd8dce5c61cda4e13b5865b67a7fb846ef9a627
- SHA256
  
  29c7d7d36a0c8acec88ff7aa34adc0f9240270a85e330fd2336408e1f0d52c21
- SHA512
  
  a3f5a920dd53d31facb81fc5842654e53ad53d3bf6a0f935e9b152540a4b42e9a7da6e56e1243f914854ad0d1611646b8e98fe6ef725dff48c96715cdcc68197
- SSDEEP
  
  6144:ibslI7wgOZ1WMYORbmV9bAq11yVQhAyPl7/s:ibvwBEMtQAM1yVQhAyPl7/s
Score

7^/10

persistence
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2