General

Target: 2024-01-01_862a7ef9e5d955ccc15d71090c6c569a_icedid_xrat
Size: 4.7MB
Sample: 240105-gf4jmsdfa3
MD5: 862a7ef9e5d955ccc15d71090c6c569a
SHA1: 3b9de7471f2fada3aa316ff781bd55b15f74d12b
SHA256: 84d49466f2599b3ecc7cb706a04ae6924532b046fb9056e74fafddf6e332eea2
SHA512: 5949c4b7f0ae3a9348a614e16cdf209051f08f97a8c98229adaef49cc2aa6f023c2f267748ff26cfe9b5221f579d1e39c19fd27551461875ba4b520b2f122aa3
SSDEEP: 98304:gzwnGx9It5vH22SsaNYfdPBldt6+dBcjHk/bz0IbzZpIbzZY:SwY7jsbznAK
Behavioral task: behavioral1

Sample: 2024-01-01_862a7ef9e5d955ccc15d71090c6c569a_icedid_xrat.exe
Resource: win7-20231215-en
Malware Config

Extracted:
Family: quasar
Version: 1.4.1
Botnet (tag): Office04
C2: frp.deitie.asia:5555
Mutex: b827dda2-f30e-4465-be3c-2f1d6a93d4a7
encryption_key: 465C04B3B0E08D663A071A4F330370E7A7DAD7A4
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000 (ms)
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets

Target: 2024-01-01_862a7ef9e5d955ccc15d71090c6c569a_icedid_xrat (hashes as listed under General)
Signatures:
- Quasar payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
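The extracted config and the behavioral signatures above are what a hunter pivots on: the C2 host and port, the Run-key value name used for startup persistence, and the dropped client path (<subdirectory>\<install_name>). The following is an added example, not part of the sandbox report, that turns the config values copied from this report into indicators and runs them over a handful of constructed Sysmon-style log lines (EventID 1 process create, 3 network connect, 11 file create, 13 registry value set, 22 DNS query). The key=value line shape, the hostnames, IPs, user name, and the install path under C:\Windows\System32\SubDir are assumptions made for the demo; the System32 location is consistent with the "Drops file in System32 directory" signature but is not stated by the report.

```python
"""Hunt for the Quasar RAT config extracted in this sandbox report.

Added example, not part of the report. Config values are copied from the
report; every log line below is constructed for the demo.
"""
import re

# Config fields as extracted by the sandbox (values copied from the report above).
QUASAR_CONFIG = {
    "version": "1.4.1",
    "tag": "Office04",
    "c2": "frp.deitie.asia:5555",
    "mutex": "b827dda2-f30e-4465-be3c-2f1d6a93d4a7",
    "encryption_key": "465C04B3B0E08D663A071A4F330370E7A7DAD7A4",
    "install_name": "Client.exe",
    "subdirectory": "SubDir",
    "log_directory": "Logs",
    "startup_key": "Quasar Client Startup",
    "reconnect_delay": 3000,
}


def indicators(cfg):
    """Derive the host and network IOCs a hunter actually pivots on."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"].lower(),
        # Value name under ...\CurrentVersion\Run used for startup persistence.
        "run_value": cfg["startup_key"].lower(),
        # Tail of the dropped client's path: <subdirectory>\<install_name>.
        "client_tail": (cfg["subdirectory"] + "\\" + cfg["install_name"]).lower(),
    }


# key=value tokens; a value may be double-quoted when it contains spaces.
_KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_kv(line):
    """Parse a Sysmon-style key=value line into a dict (quotes stripped)."""
    return {m.group(1): (m.group(3) if m.group(3) is not None else m.group(2))
            for m in _KV.finditer(line)}


def match_line(line, ioc):
    """Return the names of the IOCs this line matches (empty list if none)."""
    ev = parse_kv(line)
    eid = ev.get("EventID")
    image = ev.get("Image", "").lower()
    hits = []
    if eid == "22" and ev.get("QueryName", "").lower() == ioc["c2_host"]:
        hits.append("dns_c2")
    # A bare port match is weak; require the dropped client as the source image.
    if eid == "3" and ev.get("DestinationPort") == str(ioc["c2_port"]) \
            and image.endswith(ioc["client_tail"]):
        hits.append("net_c2_port")
    if eid == "13" and ev.get("TargetObject", "").lower().endswith("\\run\\" + ioc["run_value"]):
        hits.append("run_key_persistence")      # "Drops startup file"
    if eid == "11" and ev.get("TargetFilename", "").lower().endswith(ioc["client_tail"]):
        hits.append("client_dropped")           # dropped Client.exe
    if eid == "1" and image.endswith(ioc["client_tail"]):
        hits.append("client_executed")          # "Executes dropped EXE"
    return hits


def hunt(lines, cfg=QUASAR_CONFIG):
    """Scan log lines; return [(line_number, ioc_name), ...] in line order."""
    ioc = indicators(cfg)
    return [(n, h) for n, line in enumerate(lines, 1) for h in match_line(line, ioc)]


# Constructed log lines (assumed format and paths; not taken from the report).
SAMPLE_LOGS = [
    'EventID=11 Image=C:\\Users\\victim\\Desktop\\sample.exe TargetFilename=C:\\Windows\\System32\\SubDir\\Client.exe',
    'EventID=1 Image=C:\\Windows\\System32\\SubDir\\Client.exe ParentImage=C:\\Users\\victim\\Desktop\\sample.exe',
    'EventID=13 Image=C:\\Windows\\System32\\SubDir\\Client.exe TargetObject="HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Quasar Client Startup"',
    'EventID=22 Image=C:\\Windows\\System32\\SubDir\\Client.exe QueryName=frp.deitie.asia',
    'EventID=3 Image=C:\\Windows\\System32\\SubDir\\Client.exe DestinationIp=203.0.113.7 DestinationPort=5555',
    'EventID=1 Image=C:\\Windows\\System32\\notepad.exe ParentImage=C:\\Windows\\explorer.exe',
    'EventID=3 Image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" DestinationIp=198.51.100.9 DestinationPort=443',
]

if __name__ == "__main__":
    for n, hit in hunt(SAMPLE_LOGS):
        print(f"line {n}: {hit}")
```

The network rule deliberately ties the destination port to the dropped client's image path rather than alerting on port 5555 alone, since the port is not distinctive; the DNS rule matches the C2 hostname directly. The mutex is exported with the other indicators so it can be fed to an endpoint query, but no sample line exercises it here.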