General
Target: 2024-04-04_2c72b65665d34efba097fa6128d825bd_icedid_xrat
Size: 4.7MB
Sample: 240404-asb7lahc7s
MD5: 2c72b65665d34efba097fa6128d825bd
SHA1: b1c26f09d946c2ce568c05588a18a2d6dc7b64d7
SHA256: 4730e887f11522e44593c9b86d221b3c8465570b25db28dfb071c345266b5fd9
SHA512: 29de2fc57640d1a6355bb6945cebe0e945bfa46d2c165f9710279a0c6e086566e67aae8e5da342bea31216195dfd1fcbefa5605b6ed6c159e2c3d7dd8379df35
SSDEEP: 98304:3FMUxv9jU6vr22SsaNYfdPBldt6+dBcjHtKRJ6BKIbzZcIbzZY:dHM7jGIhRK

Behavioral task
behavioral1
Sample: 2024-04-04_2c72b65665d34efba097fa6128d825bd_icedid_xrat.exe
Resource: win7-20240221-en

Malware Config
Extracted
Family: quasar
Version: 1.4.1
Tag: Office04
C2: mx5.deitie.asia:4495
Mutex: ebbf737a-dddd-43dd-9b0a-74831302455d
encryption_key: F8516D89A1DFD78BD8FF575BBC3AE828B47FF0E1
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir

Targets
Target: 2024-04-04_2c72b65665d34efba097fa6128d825bd_icedid_xrat
Size: 4.7MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above.)

Signatures
- Quasar payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL