General
- Target: 2024-04-11_11ac8632bfdc6befcb2e450c8cfba019_icedid_xrat
- Size: 4.7MB
- Sample: 240411-aqbhaafc88
- MD5: 11ac8632bfdc6befcb2e450c8cfba019
- SHA1: 5a73cdcaf4f77f351fe19542d79a329e7c217bb4
- SHA256: 071fed2284f56078a1f541e8f9915eb908548bef0548d8672e3237972423cbe9
- SHA512: e99e82bc8343fc405c884f8be89a88ea09eb8194331639e59b95d371be689269d6fc92b15430426878865f7e8962e4d76a8e0edc8589861dbdefd34eea83a68d
- SSDEEP: 98304:mjN0SLc/vr22SsaNYfdPBldt6+dBcjHtKRJ6BMIbzZZIbzZR:HSI3M7jGIPsj
Behavioral task
behavioral1
- Sample: 2024-04-11_11ac8632bfdc6befcb2e450c8cfba019_icedid_xrat.exe
- Resource: win7-20240220-en
Malware Config
Extracted
quasar
1.4.1
Office04
mx5.deitie.asia:4495
ebbf737a-dddd-43dd-9b0a-74831302455d
- encryption_key: F8516D89A1DFD78BD8FF575BBC3AE828B47FF0E1
- install_name: Client.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: Quasar Client Startup
- subdirectory: SubDir
Targets
- Quasar payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL