Overview
overview
9Static
static
7hacked cli...et.exe
windows10-1703-x64
7hacked cli...mi.exe
windows10-1703-x64
1hacked cli...te.exe
windows10-1703-x64
1hacked cli...v2.exe
windows10-1703-x64
7hacked cli...sy.exe
windows10-1703-x64
6hacked cli...ic.exe
windows10-1703-x64
1hacked cli...ea.exe
windows10-1703-x64
1hacked cli...id.exe
windows10-1703-x64
1hacked cli...on.exe
windows10-1703-x64
9hacked cli...ra.exe
windows10-1703-x64
9hacked cli...ga.exe
windows10-1703-x64
1hacked cli...in.exe
windows10-1703-x64
1Analysis
-
max time kernel
30s -
max time network
20s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
01-05-2024 00:51
Behavioral task
behavioral1
Sample
hacked client (rats) LMAO/Hermotet.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
hacked client (rats) LMAO/Itami.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
hacked client (rats) LMAO/Lithium-Lite.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
hacked client (rats) LMAO/axentav2.exe
Resource
win10-20240404-en
Behavioral task
behavioral5
Sample
hacked client (rats) LMAO/ectasy.exe
Resource
win10-20240404-en
Behavioral task
behavioral6
Sample
hacked client (rats) LMAO/epic.exe
Resource
win10-20240404-en
Behavioral task
behavioral7
Sample
hacked client (rats) LMAO/icetea.exe
Resource
win10-20240404-en
Behavioral task
behavioral8
Sample
hacked client (rats) LMAO/koid.exe
Resource
win10-20240404-en
Behavioral task
behavioral9
Sample
hacked client (rats) LMAO/krypton.exe
Resource
win10-20240404-en
Behavioral task
behavioral10
Sample
hacked client (rats) LMAO/kura.exe
Resource
win10-20240404-en
Behavioral task
behavioral11
Sample
hacked client (rats) LMAO/vega.exe
Resource
win10-20240404-en
Behavioral task
behavioral12
Sample
hacked client (rats) LMAO/zoomin.exe
Resource
win10-20240404-en
General
-
Target
hacked client (rats) LMAO/icetea.exe
-
Size
629KB
-
MD5
ec75749551b255093e77a5d6c1d72e1b
-
SHA1
fac81f6c1f1bd668b66f2d1d84c6fe2a4e6b0c98
-
SHA256
1a9f99be6ea38d09047da97d68350d5c04f59cd40269569271ff3231fbabb32d
-
SHA512
2db7db3fe569d70e476d05f8b4e88e2f5d22ecccce12dca745208001078d0cd9c7f00711b32c2599d2b594f98a6a6ff20ef9c133d3c133654782788f8e5198e8
-
SSDEEP
12288:sLzn/Pp+rhlRXD4OAo+e9ipG+60o18wnqQ:sHn/PpwhLT4OAFyiEd18wnq
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
icetea.exepid process 5000 icetea.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
icetea.exedescription pid process Token: SeDebugPrivilege 5000 icetea.exe Token: SeSecurityPrivilege 5000 icetea.exe Token: SeDebugPrivilege 5000 icetea.exe Token: SeSecurityPrivilege 5000 icetea.exe