Extracted

• • Target

    3ff0d50557b5ba7eb306048c0e20dd4304a75aeab0470fe213c5089a031a396f.exe

  • Size

    3.9MB

  • MD5

    65a683124fc4ca1839e95322370e2b0d

  • SHA1

    7a7eafcfa4349e40cb15ab30b5c64d3415e60b96

  • SHA256

    3ff0d50557b5ba7eb306048c0e20dd4304a75aeab0470fe213c5089a031a396f

  • SHA512

    14b6d7d06f1bd02fffa5f0a4aecb8bbb7b1441597d9ac27a888f5ff441fce785809bd675c7ef7b1da7f99a8d61100e030b6c8b7b128515e8d713d4ffec54123f

  • SSDEEP

    49152:bP70hwGvLJT/a9yLe7lAsYaxBjbdOGMneGzxgUgoJUcaqCDx6ITcP2MNoSPhaC+O:nUgoJUBZJoP2MNBajvXOSq

  Score

  10^/10

  icarusstealerdiscoveryexecutionpersistencestealer

  • IcarusStealer

    Icarus is a modular stealer written in C# First adverts in July 2022.

    stealericarusstealer

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2