icarusstealer | 086e5a0d6feaae1da9a93b7eccf5f897e13713e58cc6a2ba532ee7fb76be0cef | Triage

Submit
Reports

Overview

overview

Static

static

1

Netflix Checker.exe

windows10-1703-x64

Sharing

General

Target

Netflix Checker.exe
Size

643KB
Sample

230425-mhwvgahh39
MD5

9c1f23b29ee709485823ccf2eb6c5037
SHA1

f68f8a0a7895c5a2dec90b86b735b9e3e45f07e0
SHA256

086e5a0d6feaae1da9a93b7eccf5f897e13713e58cc6a2ba532ee7fb76be0cef
SHA512

48c88a3ae5374f414c416553b0ade380c4201bc3f0eb7955acc5109ace800ff702d96ca87106fb249366f495aa1d28a239a303c2220d08169cd62fe91ad5745d
SSDEEP

12288:eXAgyuLut6N6LqQzJqkKAulc84bYBbuB1t4cWWzDKuVAccIpGNJ+QD:WkZ6N6LqQzJqk0

Score

10^/10

icarusstealer persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

Netflix Checker.exe

Resource

win10-20230220-en

icarusstealer persistence stealer

windows10-1703-x64

15 signatures

120 seconds

Malware Config

Extracted

Family

icarusstealer

Attributes

payload_url
https://blackhatsec.org/add.jpg
https://blackhatsec.org/remove.jpg

Targets

- Target
  
  Netflix Checker.exe
- Size
  
  643KB
- MD5
  
  9c1f23b29ee709485823ccf2eb6c5037
- SHA1
  
  f68f8a0a7895c5a2dec90b86b735b9e3e45f07e0
- SHA256
  
  086e5a0d6feaae1da9a93b7eccf5f897e13713e58cc6a2ba532ee7fb76be0cef
- SHA512
  
  48c88a3ae5374f414c416553b0ade380c4201bc3f0eb7955acc5109ace800ff702d96ca87106fb249366f495aa1d28a239a303c2220d08169cd62fe91ad5745d
- SSDEEP
  
  12288:eXAgyuLut6N6LqQzJqkKAulc84bYBbuB1t4cWWzDKuVAccIpGNJ+QD:WkZ6N6LqQzJqk0
Score

10^/10

icarusstealer persistence stealer
- IcarusStealer
  Icarus is a modular stealer written in C# First adverts in July 2022.
  stealer icarusstealer
- Modifies Installed Components in the registry
  persistence
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

icarusstealerpersistencestealer

© 2018-2024

Terms | Privacy