icarusstealer | ff29e8cc0a889635f65119d72308c5d9ff03902c7bd7872de888687047d8e714 | Triage

Submit
Reports

Overview

overview

Static

static

b4e2bf50cf...d4.exe

windows7-x64

b4e2bf50cf...d4.exe

windows10-2004-x64

Sharing

General

Target

b4e2bf50cf2984569728c14665f752183ae9e587c0851aad3f362be00cabe3d4.zip
Size

96KB
Sample

230508-tqh2xabe95
MD5

0c054701d6036db8985f4b14c977ad1e
SHA1

c46373b8ad7a21a15d2b73a1e536a56c48df64ef
SHA256

ff29e8cc0a889635f65119d72308c5d9ff03902c7bd7872de888687047d8e714
SHA512

279480f8bacd5862197a52cff903a7367b84955d8859523554fb43e496dbeac08a441e0879cf314d7e5d9bc5ef22446f9f1321687538f54f0ef42b84c1bdd1d7
SSDEEP

1536:n/7KErbhi2uqwQO75YJ1Fzork7Y4HojCEpzAHK8lUCmXA1jlfjXCGglMgE8v58TY:GMLX6aFzorknIjR0H3mCaA1peVtv5oM9

Score

10^/10

icarusstealer persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b4e2bf50cf2984569728c14665f752183ae9e587c0851aad3f362be00cabe3d4.exe

Resource

win7-20230220-en

icarusstealer persistence stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

b4e2bf50cf2984569728c14665f752183ae9e587c0851aad3f362be00cabe3d4.exe

Resource

win10v2004-20230220-en

icarusstealer persistence stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

icarusstealer

Attributes

payload_url
https://raw.githubusercontent.com/HiddenEyeZ/tg/main/rt.jpg

Targets

- Target
  
  b4e2bf50cf2984569728c14665f752183ae9e587c0851aad3f362be00cabe3d4.exe
- Size
  
  397KB
- MD5
  
  0301483cc8508f663c162b2bfe0e3bac
- SHA1
  
  9b8d6de28f47799e4af7501b3a87d723b04eaa94
- SHA256
  
  b4e2bf50cf2984569728c14665f752183ae9e587c0851aad3f362be00cabe3d4
- SHA512
  
  bde8dfd6e0be958787ebf776e93b5060390232f0235888363a9013c1b1eaca5ba9a49b30a3b3f29fd9600866b9be993037d3c55ca93f94fcdab90c2b7082291d
- SSDEEP
  
  6144:P7JJ2cBPQbp6ZHGBnqmTysu0oHIWUNoyy/1:XRBPJZHGBnqmTysu0oHIWUNoyy/1
Score

10^/10

icarusstealer persistence stealer
- IcarusStealer
  Icarus is a modular stealer written in C# First adverts in July 2022.
  stealer icarusstealer
- Modifies WinLogon for persistence
  persistence
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

icarusstealerpersistencestealer

behavioral2

icarusstealerpersistencestealer

© 2018-2024

Terms | Privacy