icarusstealer | bb86e41bb6d5eccad1ff84ab343506f4f5fcd78b0618966edc0ae0e05fcc8683 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

bb86e41bb6d5eccad1ff84ab343506f4f5fcd78b0618966edc0ae0e05fcc8683
Size

517KB
Sample

230418-eqa9qshe95
MD5

4c9bc0e73872ba91b88fda7a45e5379a
SHA1

be23cf7d356b13a3f233c6b3d807854e8083bd2d
SHA256

bb86e41bb6d5eccad1ff84ab343506f4f5fcd78b0618966edc0ae0e05fcc8683
SHA512

fb43f2b6d534cdf7d12d0ea66223f32f4d322a36aaf883c4750cb6ca3407d72298e4fd7b5cdeee709d4aa722cd5908f9c046297f422228c25d2f883e505d8681
SSDEEP

12288:g63AO33JW7oEKY8AZF1+THsPXF3L2LY5ZKhbQvpM2gv1aXlA/Z0BaxL2o:g6X35W7oEKY840H

Score

10^/10

icarusstealer persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bb86e41bb6d5eccad1ff84ab343506f4f5fcd78b0618966edc0ae0e05fcc8683.exe

Resource

win7-20230220-en

icarusstealer persistence stealer

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

bb86e41bb6d5eccad1ff84ab343506f4f5fcd78b0618966edc0ae0e05fcc8683.exe

Resource

win10-20230220-en

icarusstealer persistence stealer

windows10-1703-x64

15 signatures

300 seconds

Malware Config

Extracted

Family

icarusstealer

C2

5.75.162.221

Attributes

payload_url
http://193.31.116.239/crypt/public/Update_Downloads/patata.jpg

Targets

- Target
  
  bb86e41bb6d5eccad1ff84ab343506f4f5fcd78b0618966edc0ae0e05fcc8683
- Size
  
  517KB
- MD5
  
  4c9bc0e73872ba91b88fda7a45e5379a
- SHA1
  
  be23cf7d356b13a3f233c6b3d807854e8083bd2d
- SHA256
  
  bb86e41bb6d5eccad1ff84ab343506f4f5fcd78b0618966edc0ae0e05fcc8683
- SHA512
  
  fb43f2b6d534cdf7d12d0ea66223f32f4d322a36aaf883c4750cb6ca3407d72298e4fd7b5cdeee709d4aa722cd5908f9c046297f422228c25d2f883e505d8681
- SSDEEP
  
  12288:g63AO33JW7oEKY8AZF1+THsPXF3L2LY5ZKhbQvpM2gv1aXlA/Z0BaxL2o:g6X35W7oEKY840H
Score

10^/10

icarusstealer persistence stealer
- IcarusStealer
  Icarus is a modular stealer written in C# First adverts in July 2022.
  stealer icarusstealer
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icarusstealerpersistencestealer

behavioral2

icarusstealerpersistencestealer

© 2018-2025

Terms | Privacy