icexloader | f2900040b4ebfea4bc66d638e1986b8b5c4ca3ed5e135c23cc4b426f17db143a | Triage

Sharing

General

Target

f2900040b4ebfea4bc66d638e1986b8b5c4ca3ed5e135c23cc4b426f17db143a.bin
Size

348KB
Sample

221110-bhds4sdeh3
MD5

10bbabdde9fc09a120347f53cff6e024
SHA1

f4ae8ba0acb5a0e51f2098dc406690ac5697a66f
SHA256

f2900040b4ebfea4bc66d638e1986b8b5c4ca3ed5e135c23cc4b426f17db143a
SHA512

9d6bdc2aec727f5e1abcacd261984a365419e1b6909ab60c6864945ee6e5c803468e70d3883af47ba3155540154ad71ccad67fcdb5b81525a0c22a360c5a6567
SSDEEP

6144:8hf/YQ9FZtNMYORbGB9lBkQiYfyVQhAyPlI/2:8hB1bMtCBk2fyVQhAyPlI/2

Score

10^/10

icexloader loader persistence

Malware Config

Extracted

Family

icexloader

C2

https://oxygen.danshiva.com/Script.php

Targets

- Target
  
  f2900040b4ebfea4bc66d638e1986b8b5c4ca3ed5e135c23cc4b426f17db143a.bin
- Size
  
  348KB
- MD5
  
  10bbabdde9fc09a120347f53cff6e024
- SHA1
  
  f4ae8ba0acb5a0e51f2098dc406690ac5697a66f
- SHA256
  
  f2900040b4ebfea4bc66d638e1986b8b5c4ca3ed5e135c23cc4b426f17db143a
- SHA512
  
  9d6bdc2aec727f5e1abcacd261984a365419e1b6909ab60c6864945ee6e5c803468e70d3883af47ba3155540154ad71ccad67fcdb5b81525a0c22a360c5a6567
- SSDEEP
  
  6144:8hf/YQ9FZtNMYORbGB9lBkQiYfyVQhAyPlI/2:8hB1bMtCBk2fyVQhAyPlI/2
Score

10^/10

icexloader loader persistence
- icexloader
  IceXLoader is a downloader used to deliver other malware families.
  loader icexloader
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icexloaderloaderpersistence

behavioral2

icexloaderloaderpersistence