General
Target: Lol.exe
Size: 494KB
Sample: 240308-zvxczsga96
MD5: 02d13710a5a788759319df4d64b95c17
SHA1: 166121845fb2f40cc9febc35dea432696e388bec
SHA256: 5422c44ddaea8b411bd457cd24c33c1c1fa8eed02dbdb35338da412f2be1dd33
SHA512: 0a0a9c7ef30d0d3e71141684e796cfc78eb9d4689e37ae6d66123dfdd8a12df55dd424c47cd1d75068c6b8ff16512da2d607b69a6bc6cbcfba01b8063311171c
SSDEEP: 12288:zhGwluLut6N6LqQzJqkKAulc84bYBbuB1t4cWWzDKuVAccIpGNJ+QY:VBZ6N6LqQzJqk/
Static task: static1
Behavioral task: behavioral1, sample Lol.exe, resource win7-20240221-en
Behavioral task: behavioral2, sample Lol.exe, resource win10v2004-20240226-en
Malware Config
Extracted family: icarusstealer
payload_url:
https://blackhatsec.org/add.jpg
https://blackhatsec.org/remove.jpg
Targets
Target: Lol.exe
Size: 494KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above
Score: 10/10
IcarusStealer
Icarus is a modular stealer written in C#, first advertised in July 2022.
Signatures
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
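The two network-facing indicators in this report, the extracted payload_url values and the "Looks up external IP address via web service" signature, are the ones a responder can pivot on in proxy or DNS telemetry. Below is an added example (not tria.ge code and not part of the report) that turns them into a small triage helper: it verifies whether a file on disk is the sample described here by recomputing the report's hashes, and it scans proxy log lines for the payload URLs, for any other request to the payload host, and for requests to IP-lookup services. The report does not say which lookup service the sample used, so the IP_LOOKUP_HOSTS list is an assumption to be replaced with the service seen in the run; the log format and the log lines themselves are constructed for the example. Note that the payload URLs end in .jpg, so any matching that relies on "executable-looking" extensions would miss them; the helper matches full URLs and hostnames instead.

```python
"""Triage helper built from the IOCs in this IcarusStealer report.

Added example, not part of the tria.ge report. The log format, the sample
log lines and the IP_LOOKUP_HOSTS list are constructed assumptions.
"""
import hashlib
import re
from urllib.parse import urlparse

# Hashes and payload URLs exactly as listed in the report.
REPORT_HASHES = {
    "md5": "02d13710a5a788759319df4d64b95c17",
    "sha1": "166121845fb2f40cc9febc35dea432696e388bec",
    "sha256": "5422c44ddaea8b411bd457cd24c33c1c1fa8eed02dbdb35338da412f2be1dd33",
}
PAYLOAD_URLS = [
    "https://blackhatsec.org/add.jpg",
    "https://blackhatsec.org/remove.jpg",
]
# ASSUMPTION: the report only says "a legitimate IP lookup service"; these are
# common ones. Replace with the host actually observed in the sandbox run.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me",
    "checkip.amazonaws.com",
}


def file_hashes(data: bytes) -> dict:
    """Compute the digests the report lists (MD5, SHA1, SHA256) for a blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every listed digest matches the report's sample."""
    return file_hashes(data) == REPORT_HASHES


# ASSUMPTION: a simple "timestamp client method url" proxy log format.
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<url>\S+)")


def scan_proxy_log(lines):
    """Return (client, reason, url) for lines matching the report's IOCs.

    reason is one of:
      payload_url        exact match on an extracted payload_url
      payload_host       any other request to the payload host
      external_ip_lookup request to an IP-lookup service (IP_LOOKUP_HOSTS)
    """
    payload_hosts = {urlparse(u).hostname for u in PAYLOAD_URLS}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = m["url"]
        host = urlparse(url).hostname
        if url in PAYLOAD_URLS:
            reason = "payload_url"
        elif host in payload_hosts:
            reason = "payload_host"
        elif host in IP_LOOKUP_HOSTS:
            reason = "external_ip_lookup"
        else:
            continue
        hits.append((m["src"], reason, url))
    return hits


# Constructed sample log lines for the example; not from the report.
SAMPLE_LOG = [
    "2024-03-08T22:01:03Z 10.0.0.5 GET https://blackhatsec.org/add.jpg",
    "2024-03-08T22:01:04Z 10.0.0.5 GET https://api.ipify.org/?format=text",
    "2024-03-08T22:01:05Z 10.0.0.7 GET https://example.com/index.html",
    "2024-03-08T22:01:06Z 10.0.0.9 GET https://blackhatsec.org/other",
    "malformed line that should be ignored",
]


if __name__ == "__main__":
    for src, reason, url in scan_proxy_log(SAMPLE_LOG):
        print(f"{src}\t{reason}\t{url}")
    # matches_report(open("Lol.exe", "rb").read()) would confirm a file on
    # disk is the sample described in this report.
```

The hash check deliberately requires all three digests to match; a single MD5 collision is cheap to manufacture, while a simultaneous MD5, SHA1 and SHA256 match of a different file is not something a practitioner needs to worry about. The "payload_host" reason exists because stealer operators rotate file names on the same host far more often than they rotate hosts, so the two exact URLs in the config should not be the only thing you alert on.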