icarusstealer | 086e5a0d6feaae1da9a93b7eccf5f897e13713e58cc6a2ba532ee7fb76be0cef | Triage

Submit
Reports

Overview

overview

Static

static

1

Netflix Checker.exe

windows7-x64

Netflix Checker.exe

windows10-2004-x64

Sharing

General

Target

Netflix Checker.exe.bin
Size

643KB
Sample

230501-yldc3sgb73
MD5

9c1f23b29ee709485823ccf2eb6c5037
SHA1

f68f8a0a7895c5a2dec90b86b735b9e3e45f07e0
SHA256

086e5a0d6feaae1da9a93b7eccf5f897e13713e58cc6a2ba532ee7fb76be0cef
SHA512

48c88a3ae5374f414c416553b0ade380c4201bc3f0eb7955acc5109ace800ff702d96ca87106fb249366f495aa1d28a239a303c2220d08169cd62fe91ad5745d
SSDEEP

12288:eXAgyuLut6N6LqQzJqkKAulc84bYBbuB1t4cWWzDKuVAccIpGNJ+QD:WkZ6N6LqQzJqk0

Score

10^/10

icarusstealer redline infostealer persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

Netflix Checker.exe

Resource

win7-20230220-en

icarusstealer persistence stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

Netflix Checker.exe

Resource

win10v2004-20230220-en

icarusstealer redline infostealer persistence stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

icarusstealer

Attributes

payload_url
https://blackhatsec.org/add.jpg

https://blackhatsec.org/remove.jpg

Targets

- Target
  
  Netflix Checker.exe.bin
- Size
  
  643KB
- MD5
  
  9c1f23b29ee709485823ccf2eb6c5037
- SHA1
  
  f68f8a0a7895c5a2dec90b86b735b9e3e45f07e0
- SHA256
  
  086e5a0d6feaae1da9a93b7eccf5f897e13713e58cc6a2ba532ee7fb76be0cef
- SHA512
  
  48c88a3ae5374f414c416553b0ade380c4201bc3f0eb7955acc5109ace800ff702d96ca87106fb249366f495aa1d28a239a303c2220d08169cd62fe91ad5745d
- SSDEEP
  
  12288:eXAgyuLut6N6LqQzJqkKAulc84bYBbuB1t4cWWzDKuVAccIpGNJ+QD:WkZ6N6LqQzJqk0
Score

10^/10

icarusstealer persistence stealer redline infostealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- IcarusStealer
  Icarus is a modular stealer written in C# First adverts in July 2022.
  stealer icarusstealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

icarusstealerpersistencestealer

behavioral2

icarusstealerredlineinfostealerpersistencestealer

© 2018-2024

Terms | Privacy