General

  • Target

    Lol.exe

  • Size

    494KB

  • Sample

    240308-zvxczsga96

  • MD5

    02d13710a5a788759319df4d64b95c17

  • SHA1

    166121845fb2f40cc9febc35dea432696e388bec

  • SHA256

    5422c44ddaea8b411bd457cd24c33c1c1fa8eed02dbdb35338da412f2be1dd33

  • SHA512

    0a0a9c7ef30d0d3e71141684e796cfc78eb9d4689e37ae6d66123dfdd8a12df55dd424c47cd1d75068c6b8ff16512da2d607b69a6bc6cbcfba01b8063311171c

  • SSDEEP

    12288:zhGwluLut6N6LqQzJqkKAulc84bYBbuB1t4cWWzDKuVAccIpGNJ+QY:VBZ6N6LqQzJqk/

Malware Config

Extracted

Family

icarusstealer

Attributes

  • payload_url

    https://blackhatsec.org/add.jpg

    https://blackhatsec.org/remove.jpg

Targets

    • Target

      Lol.exe

    • Size

      494KB

    • MD5

      02d13710a5a788759319df4d64b95c17

    • SHA1

      166121845fb2f40cc9febc35dea432696e388bec

    • SHA256

      5422c44ddaea8b411bd457cd24c33c1c1fa8eed02dbdb35338da412f2be1dd33

    • SHA512

      0a0a9c7ef30d0d3e71141684e796cfc78eb9d4689e37ae6d66123dfdd8a12df55dd424c47cd1d75068c6b8ff16512da2d607b69a6bc6cbcfba01b8063311171c

    • SSDEEP

      12288:zhGwluLut6N6LqQzJqkKAulc84bYBbuB1t4cWWzDKuVAccIpGNJ+QY:VBZ6N6LqQzJqk/

    • IcarusStealer

      Icarus is a modular stealer written in C#. First advertised in July 2022.

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks