General
Target: 2024-04-11_7157bb4fd707d8feb0688e02de58e2f6_icedid_xrat
Size: 4.7MB
Sample: 240411-av26ssae21
MD5: 7157bb4fd707d8feb0688e02de58e2f6
SHA1: f645fd81e17916034701e03e94109835bdaaa315
SHA256: f16b09c1b311892dbe11c466c2bf4393f2750e1365e9d3c59983e7b5c03a0734
SHA512: b665018d4747eeeeba89bbf6620e45478de53e27d24406270723a2c4607ec52f67457a3f8b070203c7a4ae69153fe701f7e515a28248791ed6406bdbc36ec11b
SSDEEP: 98304:eYD10K/8fvr22SsaNYfdPBldt6+dBcjHtKRJ6BcIbzZFIbzZR:CKUXM7jGIfAj
Behavioral task: behavioral1
Sample: 2024-04-11_7157bb4fd707d8feb0688e02de58e2f6_icedid_xrat.exe
Resource: win7-20240221-en
Malware Config
Extracted
Family: quasar
Version: 1.4.1
Botnet (Quasar tag): Office04
C2: mx5.deitie.asia:4495
Mutex: ebbf737a-dddd-43dd-9b0a-74831302455d
Attributes:
encryption_key: F8516D89A1DFD78BD8FF575BBC3AE828B47FF0E1
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
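The extracted configuration above is directly usable for hunting: the C2 host:port and the mutex GUID are specific to this build, while install_name, subdirectory and startup_key describe where the client installs and how it persists. The following Python is an added example for this report, not code from the sandbox or from the Quasar project. It turns those values into match rules and runs them over a few constructed telemetry records. The record schema (field names such as "event", "query", "dest_host", "value_name") is an assumption made for illustration, as are the two persistence rules that tie startup_key to a Run-key value name and to a dropped file in the Startup folder; the report only states that a startup file is dropped.

```python
"""Hunting rules derived from the Quasar configuration extracted above.

Added example for this report; not code from the sandbox or from Quasar.
The telemetry schema ("event", "query", "dest_host", ...) and the two
persistence rules (Run-key value name, dropped Startup-folder file named
after startup_key) are assumptions for illustration.
"""
from collections import defaultdict

# Values copied from the extracted configuration in the report.
QUASAR_CONFIG = {
    "c2": "mx5.deitie.asia:4495",
    "mutex": "ebbf737a-dddd-43dd-9b0a-74831302455d",
    "install_name": "Client.exe",
    "subdirectory": "SubDir",
    "startup_key": "Quasar Client Startup",
}

RUN_KEY_SUFFIX = "\\software\\microsoft\\windows\\currentversion\\run"
STARTUP_DIR_MARKER = "\\start menu\\programs\\startup\\"


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'host:port' into (lowercased host, int port); reject malformed input."""
    host, _, port = c2.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"malformed C2 address: {c2!r}")
    return host.lower(), int(port)


def match_event(event: dict, cfg: dict = QUASAR_CONFIG) -> list[str]:
    """Return the names of the config-derived indicators one telemetry record matches."""
    host, port = parse_c2(cfg["c2"])
    kind = event.get("event")
    hits: list[str] = []

    if kind == "dns_query":
        # Case-fold and drop a trailing dot so "MX5.deitie.asia." still matches.
        if event.get("query", "").lower().rstrip(".") == host:
            hits.append("c2_domain")
    elif kind == "net_connect":
        if (event.get("dest_host", "").lower() == host
                and int(event.get("dest_port", 0)) == port):
            hits.append("c2_endpoint")
    elif kind == "mutex_create":
        if event.get("name", "").lower() == cfg["mutex"].lower():
            hits.append("mutex")
    elif kind == "registry_set":
        # Assumption: startup_key is written as the value name under a Run key.
        if (event.get("key", "").lower().endswith(RUN_KEY_SUFFIX)
                and event.get("value_name") == cfg["startup_key"]):
            hits.append("run_key")
    elif kind == "file_write":
        path = event.get("path", "").lower()
        install_tail = ("\\" + cfg["subdirectory"] + "\\" + cfg["install_name"]).lower()
        if path.endswith(install_tail):
            hits.append("install_path")
        # Assumption: the dropped startup file is named after startup_key.
        filename = path.rsplit("\\", 1)[-1]
        if STARTUP_DIR_MARKER in path and filename.startswith(cfg["startup_key"].lower()):
            hits.append("startup_file")
    return hits


def hunt(events: list[dict], cfg: dict = QUASAR_CONFIG) -> dict[str, list[int]]:
    """Map each indicator name to the indices of the events that triggered it."""
    found: dict[str, list[int]] = defaultdict(list)
    for idx, ev in enumerate(events):
        for name in match_event(ev, cfg):
            found[name].append(idx)
    return dict(found)


# Constructed sample telemetry (not from the report), mixing true hits with benign records.
SAMPLE_EVENTS = [
    {"event": "dns_query", "query": "MX5.deitie.asia."},
    {"event": "dns_query", "query": "update.microsoft.com"},
    {"event": "net_connect", "dest_host": "mx5.deitie.asia", "dest_port": "4495"},
    {"event": "net_connect", "dest_host": "mx5.deitie.asia", "dest_port": 443},
    {"event": "mutex_create", "name": "EBBF737A-DDDD-43DD-9B0A-74831302455D"},
    {"event": "registry_set",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value_name": "Quasar Client Startup",
     "data": "C:\\Users\\alice\\AppData\\Roaming\\SubDir\\Client.exe"},
    {"event": "file_write", "path": "C:\\Users\\alice\\AppData\\Roaming\\SubDir\\Client.exe"},
    {"event": "file_write",
     "path": "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Quasar Client Startup.lnk"},
    # Unrelated software using the same generic names: shows the false-positive surface of the path rule.
    {"event": "file_write", "path": "C:\\Program Files\\Vendor\\SubDir\\client.exe"},
]

if __name__ == "__main__":
    for indicator, idxs in sorted(hunt(SAMPLE_EVENTS).items()):
        print(f"{indicator:13s} -> events {idxs}")
```

Client.exe, SubDir, Logs, "Quasar Client Startup" and the Office04 tag are Quasar's stock defaults, so the install_path and run_key rules are corroboration rather than standalone detections (the last sample event matches install_path on a path that has nothing to do with this sample). The C2 host:port and the mutex GUID are the indicators specific to this build.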
Targets
Target: 2024-04-11_7157bb4fd707d8feb0688e02de58e2f6_icedid_xrat
Size: 4.7MB
Hashes: same as in General above (MD5, SHA1, SHA256, SHA512, SSDEEP)
Signatures:
- Quasar payload
- Detects Windows executables referencing non-Windows User-Agents
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL