Analysis

  • max time kernel
    91s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/08/2024, 17:13 UTC

General

  • Target

    Icarus-Release-main/ICARUS.exe

  • Size

    8.5MB

  • MD5

    e6a620574c5dc9ce58e154d70c1d9554

  • SHA1

    8393b760d657ab39d92a43070d75be25c315b8c9

  • SHA256

    e7a1e22275898facd79c2dd59f2be158317ae44cb7eb661a3b7e0f351f0c8a4c

  • SHA512

    5b4deaad005c9145dbda58859ea5063e081339c6fe5c21069c0eedaf0bac1fbda501bd5c10b13b8c7e4c860a5456f8f03c5bc95cda1a6094b215eada542522ce

  • SSDEEP

    196608:aCkRUlCbTlSndgMimOXNsCDC4PfcPsRV:aCkqlCsdgvXyQC4

Malware Config

Signatures

  • ElysiumStealer

    ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

  • ElysiumStealer Support DLL 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Icarus-Release-main\ICARUS.exe
    "C:\Users\Admin\AppData\Local\Temp\Icarus-Release-main\ICARUS.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:1496

Network

  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e82390a4f0964609926419fe7db9ed33&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e82390a4f0964609926419fe7db9ed33&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=2D2D2A0A6C556688117E3EDA6DEE67E5; domain=.bing.com; expires=Thu, 28-Aug-2025 17:14:06 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9601C07F96304CF0B6962B350B62A691 Ref B: LON04EDGE0809 Ref C: 2024-08-03T17:14:06Z
    date: Sat, 03 Aug 2024 17:14:05 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e82390a4f0964609926419fe7db9ed33&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e82390a4f0964609926419fe7db9ed33&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=2D2D2A0A6C556688117E3EDA6DEE67E5
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=D3OLSQ2LdjWXy6BAplBigAMa9c0XoyZfFTHEam8BfoU; domain=.bing.com; expires=Thu, 28-Aug-2025 17:14:06 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A561108E888445CDA746499E4061599B Ref B: LON04EDGE0809 Ref C: 2024-08-03T17:14:06Z
    date: Sat, 03 Aug 2024 17:14:06 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e82390a4f0964609926419fe7db9ed33&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e82390a4f0964609926419fe7db9ed33&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=2D2D2A0A6C556688117E3EDA6DEE67E5; MSPTC=D3OLSQ2LdjWXy6BAplBigAMa9c0XoyZfFTHEam8BfoU
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: FD1731DB490E4B31A61514177FC61D9A Ref B: LON04EDGE0809 Ref C: 2024-08-03T17:14:06Z
    date: Sat, 03 Aug 2024 17:14:06 GMT
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • flag-us
    DNS
    73.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.144.22.2.in-addr.arpa
    IN PTR
    Response
    73.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-73.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    40.58.20.217.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    40.58.20.217.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e82390a4f0964609926419fe7db9ed33&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=
    tls, http2
    2.0kB
    9.3kB
    21
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e82390a4f0964609926419fe7db9ed33&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=e82390a4f0964609926419fe7db9ed33&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=e82390a4f0964609926419fe7db9ed33&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=

    HTTP Response

    204
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    151 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    73.144.22.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    73.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
    143 B
    1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    40.58.20.217.in-addr.arpa
    dns
    71 B
    131 B
    1
    1

    DNS Request

    40.58.20.217.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\NativePRo.dll

    Filesize

    40KB

    MD5

    94173de2e35aa8d621fc1c4f54b2a082

    SHA1

    fbb2266ee47f88462560f0370edb329554cd5869

    SHA256

    7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

    SHA512

    cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

  • memory/1496-0-0x0000000074C5E000-0x0000000074C5F000-memory.dmp

    Filesize

    4KB

  • memory/1496-1-0x0000000000480000-0x0000000000CFE000-memory.dmp

    Filesize

    8.5MB

  • memory/1496-2-0x0000000002F70000-0x0000000002F7C000-memory.dmp

    Filesize

    48KB

  • memory/1496-3-0x0000000074C50000-0x0000000075400000-memory.dmp

    Filesize

    7.7MB

  • memory/1496-8-0x0000000005E60000-0x0000000006404000-memory.dmp

    Filesize

    5.6MB

  • memory/1496-9-0x00000000058B0000-0x0000000005942000-memory.dmp

    Filesize

    584KB

  • memory/1496-10-0x0000000005890000-0x000000000589A000-memory.dmp

    Filesize

    40KB

  • memory/1496-11-0x0000000008470000-0x000000000885A000-memory.dmp

    Filesize

    3.9MB

  • memory/1496-12-0x0000000074C50000-0x0000000075400000-memory.dmp

    Filesize

    7.7MB

  • memory/1496-15-0x0000000074C5E000-0x0000000074C5F000-memory.dmp

    Filesize

    4KB

  • memory/1496-16-0x0000000074C50000-0x0000000075400000-memory.dmp

    Filesize

    7.7MB
