General

  • Target

    Lol.exe

  • Size

    494KB

  • Sample

    240308-zvxczsga96

  • MD5

    02d13710a5a788759319df4d64b95c17

  • SHA1

    166121845fb2f40cc9febc35dea432696e388bec

  • SHA256

    5422c44ddaea8b411bd457cd24c33c1c1fa8eed02dbdb35338da412f2be1dd33

  • SHA512

    0a0a9c7ef30d0d3e71141684e796cfc78eb9d4689e37ae6d66123dfdd8a12df55dd424c47cd1d75068c6b8ff16512da2d607b69a6bc6cbcfba01b8063311171c

  • SSDEEP

    12288:zhGwluLut6N6LqQzJqkKAulc84bYBbuB1t4cWWzDKuVAccIpGNJ+QY:VBZ6N6LqQzJqk/

Malware Config

Extracted

Family

icarusstealer

Attributes
  • payload_url

    https://blackhatsec.org/add.jpg

    https://blackhatsec.org/remove.jpg

Targets

    • IcarusStealer

      Icarus is a modular stealer written in C#. It was first advertised in July 2022.

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
