General
- Target: testiescals.exe
- Size: 3.9MB
- Sample: 240309-d5m2eacc73
- MD5: 9b85b99c34bdf0099216fefe404321be
- SHA1: 77af318afcbec23723b850478fecf8abe278a39a
- SHA256: b35787b524c38dc8470f490e07785e3d79529f30ea703e3eb998b95b53747f0b
- SHA512: 2d3b351cc96c3cbcff25d9683fa2fe1ad324d77d4ef7949362d5c04ab298f30b83ec1ffa03c5afb142bf419680f351fd881b90d0e00757be3ae5816bcae2d223
- SSDEEP: 49152:g61aa2cRAHlIYiCZFj+F81TdLJDdZoD+VYvsFtvRxZsUBW9Hn14Y6Qhgj3sxxURq:aVcqCYZW81TjNHM9s7j3sxxBuuD
Static task
- static1
Behavioral tasks
- behavioral1: Sample testiescals.exe, Resource win7-20240221-en
- behavioral2: Sample testiescals.exe, Resource win10v2004-20231215-en
Malware Config
Extracted: icarusstealer
- payload_url:
  - https://blackhatsec.org/add.jpg
  - https://blackhatsec.org/remove.jpg
Targets
- Target: testiescals.exe
Score: 10/10
IcarusStealer
Icarus is a modular stealer written in C#, first advertised in July 2022.
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext