General
-
Target
Ice Launcher 1.4.zip
-
Size
55.3MB
-
Sample
240815-cfhvqatgkp
-
MD5
2194c2582d47e701dba60f8f10821cc2
-
SHA1
7e49b5006bfdd9d90a63c32cb72281fa52372ea1
-
SHA256
21d64463d87a02a72ae29420048ff36921526dcaa50fac33ce5edc22b4cff369
-
SHA512
d3f677ee007a1a608067bf9e2b693685fcdf9345ffb481738f1c8b7fbb5e4513ab0ea8b21241fdb7aabf3a8466cbb817c12f81b5ddcc8eb46d29b47c4fd82a4e
-
SSDEEP
1572864:gd+pSyV4nTFOo2g5aHR8nFBqOdgTUPl4b3hCpEt2:gd+p5KpOofUxiQOPyb4H
Behavioral task
behavioral1
Sample
Ice Launcher 1.4/Ice Launcher 1.4/IceLoader/Ice Launcher 1.5.exe
Resource
win10-20240404-en
Malware Config
Targets
-
Target
Ice Launcher 1.4/Ice Launcher 1.4/IceLoader/Ice Launcher 1.5.exe
-
Size
55.7MB
-
MD5
24540c5be9339feaf996aabe98e05329
-
SHA1
f4759c392d0ba3edfa6cb10e8697525a802f066f
-
SHA256
34141c87dbf95ef0fbad2cabb530903cea65f9f3d788f295de270377c44ef997
-
SHA512
895bc3a49821fe222db746ac5ac516ceea1261eaf6d296c836768c45462cdca410bd080212214076f543dbba064938c170ad59fdf7cc4a3d3d527c2ec93139ea
-
SSDEEP
1572864:mXAcQglvWq7v5Sk8IpG7V+VPhqfDE7VvlgoRRrr:mXAc5JR1SkB05awfkeoL
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-