Extracted

• • Target

    testiescals.exe

  • Size

    3.9MB

  • MD5

    9b85b99c34bdf0099216fefe404321be

  • SHA1

    77af318afcbec23723b850478fecf8abe278a39a

  • SHA256

    b35787b524c38dc8470f490e07785e3d79529f30ea703e3eb998b95b53747f0b

  • SHA512

    2d3b351cc96c3cbcff25d9683fa2fe1ad324d77d4ef7949362d5c04ab298f30b83ec1ffa03c5afb142bf419680f351fd881b90d0e00757be3ae5816bcae2d223

  • SSDEEP

    49152:g61aa2cRAHlIYiCZFj+F81TdLJDdZoD+VYvsFtvRxZsUBW9Hn14Y6Qhgj3sxxURq:aVcqCYZW81TjNHM9s7j3sxxBuuD

  Score

  10^/10

  persistenceicarusstealerstealer

  • IcarusStealer

    Icarus is a modular stealer written in C# First adverts in July 2022.

    stealericarusstealer

  • Modifies Installed Components in the registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2