icarusstealer | b4e2bf50cf2984569728c14665f752183ae9e587c0851aad3f362be00cabe3d4 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

397KB
Sample

230508-j5devshe94
MD5

0301483cc8508f663c162b2bfe0e3bac
SHA1

9b8d6de28f47799e4af7501b3a87d723b04eaa94
SHA256

b4e2bf50cf2984569728c14665f752183ae9e587c0851aad3f362be00cabe3d4
SHA512

bde8dfd6e0be958787ebf776e93b5060390232f0235888363a9013c1b1eaca5ba9a49b30a3b3f29fd9600866b9be993037d3c55ca93f94fcdab90c2b7082291d
SSDEEP

6144:P7JJ2cBPQbp6ZHGBnqmTysu0oHIWUNoyy/1:XRBPJZHGBnqmTysu0oHIWUNoyy/1

Score

10^/10

icarusstealer persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20230220-en

icarusstealer persistence stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20230220-en

icarusstealer persistence stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

icarusstealer

Attributes

payload_url
https://raw.githubusercontent.com/HiddenEyeZ/tg/main/rt.jpg

Targets

- Target
  
  file.exe
- Size
  
  397KB
- MD5
  
  0301483cc8508f663c162b2bfe0e3bac
- SHA1
  
  9b8d6de28f47799e4af7501b3a87d723b04eaa94
- SHA256
  
  b4e2bf50cf2984569728c14665f752183ae9e587c0851aad3f362be00cabe3d4
- SHA512
  
  bde8dfd6e0be958787ebf776e93b5060390232f0235888363a9013c1b1eaca5ba9a49b30a3b3f29fd9600866b9be993037d3c55ca93f94fcdab90c2b7082291d
- SSDEEP
  
  6144:P7JJ2cBPQbp6ZHGBnqmTysu0oHIWUNoyy/1:XRBPJZHGBnqmTysu0oHIWUNoyy/1
Score

10^/10

icarusstealer persistence stealer
- IcarusStealer
  Icarus is a modular stealer written in C# First adverts in July 2022.
  stealer icarusstealer
- Modifies WinLogon for persistence
  persistence
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

icarusstealerpersistencestealer

behavioral2

icarusstealerpersistencestealer

© 2018-2024

Terms | Privacy