icarusstealer | 140ac7d466459142aafacd0b67de79d7b662ac68ea37023b89069ac480e8509e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

dddd.exe

windows11-21h2-x64

Sharing

General

Target

dddd.exe
Size

494KB
Sample

240805-kjksgsvgjd
MD5

a31f6a526e1b5482249559f65f6a60b7
SHA1

16739fa1dcfe6e8e83e154499d0df786107d32b2
SHA256

140ac7d466459142aafacd0b67de79d7b662ac68ea37023b89069ac480e8509e
SHA512

23a84d6a81789dc40e6c2fe4534eed84a4a6565130d84d38dc5f5615b42a8bb4a68a06d95d8f50940d2f93a379ed8e8c5a3d855535ba8fedb26b0bc970f064e5
SSDEEP

12288:7F8aeruLut6N6LqQzJqkKAulc84bYBbuB1t4cWWzDKuVAccIpGNJ+Qj:7iVZ6N6LqQzJqkE

Score

10^/10

icarusstealer discovery execution persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dddd.exe

Resource

win11-20240802-en

icarusstealer discovery execution persistence stealer

windows11-21h2-x64

29 signatures

150 seconds

Malware Config

Extracted

Family

icarusstealer

Attributes

payload_url
https://blackhatsec.org/add.jpg

https://blackhatsec.org/remove.jpg

Targets

- Target
  
  dddd.exe
- Size
  
  494KB
- MD5
  
  a31f6a526e1b5482249559f65f6a60b7
- SHA1
  
  16739fa1dcfe6e8e83e154499d0df786107d32b2
- SHA256
  
  140ac7d466459142aafacd0b67de79d7b662ac68ea37023b89069ac480e8509e
- SHA512
  
  23a84d6a81789dc40e6c2fe4534eed84a4a6565130d84d38dc5f5615b42a8bb4a68a06d95d8f50940d2f93a379ed8e8c5a3d855535ba8fedb26b0bc970f064e5
- SSDEEP
  
  12288:7F8aeruLut6N6LqQzJqkKAulc84bYBbuB1t4cWWzDKuVAccIpGNJ+Qj:7iVZ6N6LqQzJqkE
Score

10^/10

icarusstealer discovery execution persistence stealer
- IcarusStealer
  Icarus is a modular stealer written in C# First adverts in July 2022.
  stealer icarusstealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

icarusstealerdiscoveryexecutionpersistencestealer

© 2018-2025

Terms | Privacy