General
- Target: switched_1.exe
- Size: 3.7MB
- Sample: 240308-b5tsvach4w
- MD5: b9bbe31d276de5c3d05352d070ae4244
- SHA1: 5e1bb67b01c579b4e0ad5a7475ceb657201c27ec
- SHA256: a01977e758a85dc01fb8ca7da9110adfe5bf9b9bec0af1db82741fe83d20408d
- SHA512: 0a3459690bfdf8d238cb6f27c650903659c12aa589bcba037a45c68287342f53ca5c1e1b307a0abd8d481f79e3df6bd994cce6a79258343627aa7b3209b0ed17
- SSDEEP: 49152:tYDJ4w53qs7fg442ZvkOlVdP8iFoh/dYINv7sq8:e4u3cV/gHP8X1hNv7
Static task
- static1

Behavioral task
- behavioral1: sample switched_1.exe, resource win10-20240221-en
- behavioral2: sample switched_1.exe, resource win10v2004-20240226-en
- behavioral3: sample switched_1.exe, resource win11-20240221-en
Malware Config
Extracted: icarusstealer
- payload_url: https://blackhatsec.org/add.jpg
- payload_url: https://blackhatsec.org/remove.jpg
Targets
- Target: switched_1.exe
- Size: 3.7MB
- Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the values listed under General
- Score: 10/10

Signatures
- IcarusStealer: Icarus is a modular stealer written in C#, first advertised in July 2022.
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext