General
Target: icarusokay.exe
Size: 494KB
Sample: 240908-crpgmsyhql
MD5: a960b054b2d055d60ad7d93d2ede01f8
SHA1: f19fce2fc2e2e52db169e1ece0845ff162e844cd
SHA256: 65409873f2564f68f5f8cdc465f395de884ad276168881c03163dc409c7239b3
SHA512: dabd847829c4bdc8639c6171c819e53e5dddc2d1903a322e803633ffc8e6c1eba7ed21f9490c07454fd8c240e0d075a313516835be119023ea9488b3b29fb914
SSDEEP: 12288:KxMFSuLut6N6LqQzJqkKAulc84bYBbuB1t4cWWzDKuVAccIpGNJ+Q0:G9Z6N6LqQzJqkb
Static task: static1
Behavioral task: behavioral1
Sample: icarusokay.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted family: icarusstealer
payload_url (recovered from the sample's embedded configuration; treat these as indicators, not as URLs to fetch from an analyst workstation):
https://blackhatsec.org/add.jpg
https://blackhatsec.org/remove.jpg
Targets
Target: icarusokay.exe (494KB; sample ID and hashes as listed under General)
Signatures:
- IcarusStealer
  Icarus is a modular stealer written in C#. It was first advertised in July 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
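Host-side triage for two of the signatures listed above, the Active Setup persistence (ATT&CK T1547.014) and the PowerShell-driven Defender exclusions (T1562.001). This is an added example and is not part of the tria.ge report nor code from the Icarus sample; it assumes a Windows 10 host with Microsoft Defender and an elevated PowerShell 5.1+ session, and the function names Get-ActiveSetupCandidates and Get-DefenderExclusionState are this example's own.

```powershell
# Added triage script (not from the tria.ge report or the Icarus sample).
# Assumes: Windows 10 with Microsoft Defender, run from an elevated PowerShell
# 5.1+ session on the suspect host. Function names are this example's own.

# Active Setup (T1547.014): at each user logon, every component under the HKLM
# key whose Version is newer than the user's copy under HKCU has its StubPath
# executed once and is then mirrored into HKCU. A component with a StubPath and
# no HKCU counterpart is therefore still pending for this user.
function Get-ActiveSetupCandidates {
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
    )
    $hkcu = 'HKCU:\SOFTWARE\Microsoft\Active Setup\Installed Components'
    foreach ($root in $roots) {
        Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
            $props = Get-ItemProperty $_.PSPath
            if (-not $props.StubPath) { return }       # nothing runs without a StubPath
            [pscustomobject]@{
                Component             = $_.PSChildName
                StubPath              = $props.StubPath
                Version               = $props.Version
                PendingForCurrentUser = -not (Test-Path (Join-Path $hkcu $_.PSChildName))
                # Built-in components stub into Windows/Program Files; a StubPath in a
                # user-writable directory is the pattern worth escalating.
                UserWritablePath      = [bool]($props.StubPath -match '\\(Users|ProgramData|Temp)\\')
            }
        }
    }
}

# Defender exclusions (T1562.001): Get-MpPreference shows the live exclusion
# lists, and Defender writes Event ID 5007 ("configuration has changed") to its
# Operational log for each exclusion added, naming the registry value touched.
function Get-DefenderExclusionState {
    $pref = Get-MpPreference
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 5007
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Exclusions\\' } |
        Select-Object TimeCreated, Message
    [pscustomobject]@{
        Paths      = @($pref.ExclusionPath)
        Extensions = @($pref.ExclusionExtension)
        Processes  = @($pref.ExclusionProcess)
        ChangeLog  = @($events)
    }
}

Get-ActiveSetupCandidates |
    Where-Object { $_.PendingForCurrentUser -or $_.UserWritablePath } |
    Format-Table -AutoSize

$state = Get-DefenderExclusionState
$state | Select-Object Paths, Extensions, Processes | Format-List
$state.ChangeLog | Format-List
```

On a clean host the first query should return only Microsoft components whose StubPath sits under the Windows directory, and the 5007 change log should be empty or show only administrator-initiated exclusions. A 5007 event naming an `Exclusions\Paths`, `Exclusions\Extensions` or `Exclusions\Processes` value with a timestamp just after the sample's first execution ties that signature to this run, and an Active Setup component whose StubPath points at the dropped EXE is the persistence artefact to remove (delete the HKLM key and its HKCU mirror for every profile on the machine, not just the current user).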
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1): Active Setup (1)
  Create or Modify System Process (1): Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1): Active Setup (1)
  Create or Modify System Process (1): Windows Service (1)