545ff04089ae7c3afed04ebc6224472f99e8e45c707314a6b779a1cd22dc7f9b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

IcarusRDP_...os.exe

windows7-x64

3

IcarusRDP_...os.exe

windows10-2004-x64

3

IcarusRDP_...us.exe

windows7-x64

3

IcarusRDP_...us.exe

windows10-2004-x64

3

IcarusRDP_...sS.exe

windows7-x64

3

IcarusRDP_...sS.exe

windows10-2004-x64

3

IcarusRDP_...bb.exe

windows7-x64

3

IcarusRDP_...bb.exe

windows10-2004-x64

7

IcarusRDP_...bb.exe

windows7-x64

3

IcarusRDP_...bb.exe

windows10-2004-x64

7

IcarusRDP_...ok.exe

windows7-x64

3

IcarusRDP_...ok.exe

windows10-2004-x64

3

IcarusRDP_...er.exe

windows7-x64

IcarusRDP_...er.exe

windows10-2004-x64

IcarusRDP_...t2.exe

windows7-x64

IcarusRDP_...t2.exe

windows10-2004-x64

IcarusRDP_...t4.exe

windows7-x64

IcarusRDP_...t4.exe

windows10-2004-x64

IcarusRDP_...ta.exe

windows7-x64

1

IcarusRDP_...ta.exe

windows10-2004-x64

1

IcarusRDP_...ub.exe

windows7-x64

IcarusRDP_...ub.exe

windows10-2004-x64

IcarusRDP_...ile.js

windows7-x64

3

IcarusRDP_...ile.js

windows10-2004-x64

3

IcarusRDP_...api.js

windows7-x64

3

IcarusRDP_...api.js

windows10-2004-x64

3

IcarusRDP_...ram.js

windows7-x64

3

IcarusRDP_...ram.js

windows10-2004-x64

3

IcarusRDP_...er.exe

windows7-x64

3

IcarusRDP_...er.exe

windows10-2004-x64

3

IcarusRDP_...il.dll

windows7-x64

1

IcarusRDP_...il.dll

windows10-2004-x64

1

Analysis

max time kernel
140s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2024, 19:33

Sharing

Static task

static1

upx xworm icarusstealer

5 signatures

Behavioral task

behavioral1

Sample

IcarusRDP_builder-main/Addon/BadAssMacros.exe

Resource

win7-20241010-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

IcarusRDP_builder-main/Addon/BadAssMacros.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral3

Sample

IcarusRDP_builder-main/Addon/Icarus.exe

Resource

win7-20241023-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral4

Sample

IcarusRDP_builder-main/Addon/Icarus.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral5

Sample

IcarusRDP_builder-main/Addon/IcarusS.exe

Resource

win7-20240903-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral6

Sample

IcarusRDP_builder-main/Addon/IcarusS.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral7

Sample

IcarusRDP_builder-main/Addon/bb.exe

Resource

win7-20240708-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral8

Sample

IcarusRDP_builder-main/Addon/bb.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral9

Sample

IcarusRDP_builder-main/Addon/bb.exe

Resource

win7-20241010-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral10

Sample

IcarusRDP_builder-main/Addon/bb.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral11

Sample

IcarusRDP_builder-main/Addon/ebook.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral12

Sample

IcarusRDP_builder-main/Addon/ebook.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral13

Sample

IcarusRDP_builder-main/Addon/explorer.exe

Resource

win7-20240903-en

xworm persistence rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral14

Sample

IcarusRDP_builder-main/Addon/explorer.exe

Resource

win10v2004-20241007-en

xworm persistence rat trojan

windows10-2004-x64

12 signatures

150 seconds

Behavioral task

behavioral15

Sample

IcarusRDP_builder-main/Addon/net2.exe

Resource

win7-20240903-en

icarusstealer stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral16

Sample

IcarusRDP_builder-main/Addon/net2.exe

Resource

win10v2004-20241007-en

icarusstealer stealer

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral17

Sample

IcarusRDP_builder-main/Addon/net4.exe

Resource

win7-20240903-en

icarusstealer discovery stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral18

Sample

IcarusRDP_builder-main/Addon/net4.exe

Resource

win10v2004-20241007-en

icarusstealer discovery stealer

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral19

Sample

IcarusRDP_builder-main/Addon/ptata.exe

Resource

win7-20241010-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral20

Sample

IcarusRDP_builder-main/Addon/ptata.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

IcarusRDP_builder-main/Addon/stub.exe

Resource

win7-20240903-en

icarusstealer discovery stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral22

Sample

IcarusRDP_builder-main/Addon/stub.exe

Resource

win10v2004-20241007-en

icarusstealer discovery stealer

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral23

Sample

IcarusRDP_builder-main/BuildFile.js

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral24

Sample

IcarusRDP_builder-main/BuildFile.js

Resource

win10v2004-20241007-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral25

Sample

IcarusRDP_builder-main/KeyAuth/api.js

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral26

Sample

IcarusRDP_builder-main/KeyAuth/api.js

Resource

win10v2004-20241007-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral27

Sample

IcarusRDP_builder-main/Program.js

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral28

Sample

IcarusRDP_builder-main/Program.js

Resource

win10v2004-20241007-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral29

Sample

IcarusRDP_builder-main/bin/Release/net461/IcarusRDP_builder.exe

Resource

win7-20240708-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral30

Sample

IcarusRDP_builder-main/bin/Release/net461/IcarusRDP_builder.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral31

Sample

IcarusRDP_builder-main/bin/Release/net461/Mono.Cecil.dll

Resource

win7-20241010-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

IcarusRDP_builder-main/bin/Release/net461/Mono.Cecil.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

IcarusRDP_builder-main/KeyAuth/api.js
Size

37KB
MD5

ada94529554db587533c6e320b2d10f4
SHA1

606eac8ff0a1abbc178bd5cb6296731ecb6a0a0c
SHA256

2802f87c6a6b178d2a467b19b2483604296deff615a20cfca21dd891b0c1c9ed
SHA512

067de77e831126fcbddb1988975a2ed424640ca85ce91eff556634053ba387c44e78133ac75949640f62d2b862384795afa8e145f9d30a940094da25b4f164b6
SSDEEP

384:YKa8sDy45iGUOjDTo2EULzQQ45iGUOjzYcJOzDHZI:y9y45iGUOj/o2EULMQ45iGUOjzYcMPHm

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Processes

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\IcarusRDP_builder-main\KeyAuth\api.js
1⤵
PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2025

Terms | Privacy