General

  • Target

    switched_1.exe

  • Size

    3.7MB

  • Sample

    240308-b6me6ach6y

  • MD5

    b9bbe31d276de5c3d05352d070ae4244

  • SHA1

    5e1bb67b01c579b4e0ad5a7475ceb657201c27ec

  • SHA256

    a01977e758a85dc01fb8ca7da9110adfe5bf9b9bec0af1db82741fe83d20408d

  • SHA512

    0a3459690bfdf8d238cb6f27c650903659c12aa589bcba037a45c68287342f53ca5c1e1b307a0abd8d481f79e3df6bd994cce6a79258343627aa7b3209b0ed17

  • SSDEEP

    49152:tYDJ4w53qs7fg442ZvkOlVdP8iFoh/dYINv7sq8:e4u3cV/gHP8X1hNv7

Malware Config

Extracted

Family

icarusstealer

Attributes

  • payload_url

    https://blackhatsec.org/add.jpg

    https://blackhatsec.org/remove.jpg

Targets

    • Target

      switched_1.exe

    • Size

      3.7MB

    • MD5

      b9bbe31d276de5c3d05352d070ae4244

    • SHA1

      5e1bb67b01c579b4e0ad5a7475ceb657201c27ec

    • SHA256

      a01977e758a85dc01fb8ca7da9110adfe5bf9b9bec0af1db82741fe83d20408d

    • SHA512

      0a3459690bfdf8d238cb6f27c650903659c12aa589bcba037a45c68287342f53ca5c1e1b307a0abd8d481f79e3df6bd994cce6a79258343627aa7b3209b0ed17

    • SSDEEP

      49152:tYDJ4w53qs7fg442ZvkOlVdP8iFoh/dYINv7sq8:e4u3cV/gHP8X1hNv7

    • IcarusStealer

      Icarus is a modular stealer written in C#, first advertised in July 2022.

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
