Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
svchost.exe
-
Size
494KB
-
Sample
240309-swressbg6z
-
MD5
65c2533608f1aad7e7780b1b705f6717
-
SHA1
688bd80975cede811e57d3b1d197eae97ebc4bde
-
SHA256
ade93fc6c27fa1b57d864ebbcea4cec99bfb8556115496051bc8a10b0efde04d
-
SHA512
77c409d60f60eb55062175c16b955fe5b71e7eb4f438c781f60dc010f8b88cdd21d068c0295e937bd478ecc2c94179e30479565f6a87f092d16dadcbbdbc785b
-
SSDEEP
12288:ZoXzSuLut6N6LqQzJqkKAulc84bYBbuB1t4cWWzDKuVAccIpGNJ+QK:+uZ6N6LqQzJqkt
Static task
static1
Behavioral task
behavioral1
Sample
svchost.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
icarusstealer
-
payload_url
https://blackhatsec.org/add.jpg
https://blackhatsec.org/remove.jpg
Targets
-
-
Target
svchost.exe
-
Size
494KB
-
MD5
65c2533608f1aad7e7780b1b705f6717
-
SHA1
688bd80975cede811e57d3b1d197eae97ebc4bde
-
SHA256
ade93fc6c27fa1b57d864ebbcea4cec99bfb8556115496051bc8a10b0efde04d
-
SHA512
77c409d60f60eb55062175c16b955fe5b71e7eb4f438c781f60dc010f8b88cdd21d068c0295e937bd478ecc2c94179e30479565f6a87f092d16dadcbbdbc785b
-
SSDEEP
12288:ZoXzSuLut6N6LqQzJqkKAulc84bYBbuB1t4cWWzDKuVAccIpGNJ+QK:+uZ6N6LqQzJqkt
Score10/10-
IcarusStealer
Icarus is a modular stealer written in C# First adverts in July 2022.
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-