General

  • Target

    svchost.exe

  • Size

    494KB

  • Sample

    240309-swressbg6z

  • MD5

    65c2533608f1aad7e7780b1b705f6717

  • SHA1

    688bd80975cede811e57d3b1d197eae97ebc4bde

  • SHA256

    ade93fc6c27fa1b57d864ebbcea4cec99bfb8556115496051bc8a10b0efde04d

  • SHA512

    77c409d60f60eb55062175c16b955fe5b71e7eb4f438c781f60dc010f8b88cdd21d068c0295e937bd478ecc2c94179e30479565f6a87f092d16dadcbbdbc785b

  • SSDEEP

    12288:ZoXzSuLut6N6LqQzJqkKAulc84bYBbuB1t4cWWzDKuVAccIpGNJ+QK:+uZ6N6LqQzJqkt

Malware Config

Extracted

  • Family

    icarusstealer

  • Attributes

    payload_url

    https://blackhatsec.org/add.jpg

    https://blackhatsec.org/remove.jpg

Targets

    • IcarusStealer

      Icarus is a modular stealer written in C#, first advertised in July 2022.

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
