Extracted

Extracted

• • Target

    IcarusRDP_builder-main/Addon/BadAssMacros.exe

  • Size

    82KB

  • MD5

    70cbb8374a37a328d5fee9e79598249c

  • SHA1

    dd4f4c110154e1c0f9709ef6ee36a560ee44b440

  • SHA256

    6ae69898364f6495017b06826a0a3aa015dcb13003585d9082997aefb0fc6601

  • SHA512

    2f26a785589037e6fee96ac8bd7f86a107c9201ceac6bd89bf382baa1c9b007e04b7ba0f74e0ad0376ac5c545e57acd28f28d4432d1d429ffdc74ac42de347b6

  • SSDEEP

    1536:aecskpmNeW/P0i4dkJWDKKeOYC3VkQN9jpGUM2exmflKiBTM:7cskpm4iHIkCbeOr3VkwL7KiBTM

  Score

  3^/10

  discovery
  behavioral1behavioral2

• • Target

    IcarusRDP_builder-main/Addon/Icarus.bin

  • Size

    1.5MB

  • MD5

    ac8eb9f28bcd101fe862a713c0b93c04

  • SHA1

    15a836c0ab73c87e6cba13cfdf95f0dfcbae78b9

  • SHA256

    e0c317dc7079f671586d066cba075175105c1ad52c1a6ad87c612e1ef64ca359

  • SHA512

    bda6bb61005fa47453040086d6964ac18b9249e2ec6aad4abc8fe298ee1cdc91fe1a66a1293e8e7e8c835751c9858c8fd13ff94c9deb55829f7b6dfdebb48831

  • SSDEEP

    49152:q9Nm/5XhG34AiROEw+W7SC2nVQTEQ/BA8FA:uU11lw/WtmA

  Score

  3^/10

  discovery
  behavioral3behavioral4

• • Target

    IcarusRDP_builder-main/Addon/IcarusS.bin

  • Size

    1.5MB

  • MD5

    ca6d136cca25148e6a3751dd952ac31a

  • SHA1

    1fe6ce65494761dda70031d5b4f0ccd305b90b2d

  • SHA256

    904651b0d6968e007f87bf1c4d1d771b9ac6807ce9674f40f2929ce72c36fe79

  • SHA512

    94f3ebf04c2e95ebb1be2c72332411731fb5366828b5368c1db77c01f547fd37c356302d4c6270e83f7085278066d55d87dfd3b21b63adaae1555567e5423f57

  • SSDEEP

    49152:NNm/5XhG34AiROEw+W7SC2nVQTEQ/BA8FA:NU11lw/WtmA

  Score

  3^/10

  discovery
  behavioral5behavioral6

• • Target

    IcarusRDP_builder-main/Addon/bb.bin

  • Size

    22KB

  • MD5

    1e1eabdff6349d45a7455ee58588ccbf

  • SHA1

    8d3c956a80d97d5080a417e3da3689557c782b52

  • SHA256

    ca40c199ed052cb5ed81483bf31520e30d46fc36dce34f206d25c2ff162f3129

  • SHA512

    d528307ff98f7968999861c64efb32efff74d5fcbdfbf85de60705bc48c11a7966026f8aae58d80c0cd009166211c4773178148f9ba437f3955f307a12029da5

  • SSDEEP

    384:+qE+wxApYsEHz5WVFtotTFAj3Lx+gO+adlVW8GiSQZdIghUmOaNJawcudoD7UFMH:+qdYsC5KFtuFY3k+lUe6vfnbcuyD7UF6

  Score

  7^/10

  discovery

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  behavioral7behavioral8

• • Target

    IcarusRDP_builder-main/Addon/bb.exe

  • Size

    37KB

  • MD5

    a89e1929316ac594e1c1258f55a2e297

  • SHA1

    7470a1dadf5b84535f60157f5c0390431acdef08

  • SHA256

    10917ac0bf9f82f521090f861236d27891e4cf30948c0146bab09962adb93c7e

  • SHA512

    2b0b7fcb09d17fc6325de04c2b55ebd796b079e87e53d53a89d8c04b34002863dd874f76478e408e56b539fde380b2c1305fcfa9da81d7a9f3788a6c73e40fdc

  • SSDEEP

    768:ObsCogv5ESs9BDykUWZ0+uD3jqE3zC9GO:OREBs+O3jqOO

  Score

  7^/10

  discovery

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  behavioral10behavioral9

• • Target

    IcarusRDP_builder-main/Addon/ebook.bin

  • Size

    330KB

  • MD5

    6990f6dfcc939b385a780cf3ebb80325

  • SHA1

    2ad8b87eaa4267dfdfd00513f4eac8033ed700b9

  • SHA256

    bda2902a266ddbd3a3efa321456aa449830d1e675c38ab05db5754421426fe15

  • SHA512

    2ea7a1f5ca6d998b540c088d7815867192fcb005ca981f62e84f8dd9ad1ae630d4d04f17bec5a504643ca7507a3ffe6e6d66b95855114b8cbcb9d2020ef2fce4

  • SSDEEP

    6144:erxpH92GeQA4W//5u85cb/VNsRB0g3avKEuANHNUAJVHtES4A5049awJ5cOvEPCd:eTNAt//5t5uXu35vOtUATHtD4Ai4HaOC

  Score

  3^/10

  discovery
  behavioral11behavioral12

• • Target

    IcarusRDP_builder-main/Addon/explorer.exe

  • Size

    103KB

  • MD5

    2bb438f0ee9a0d25dc671d23fd406922

  • SHA1

    bfca33b343502bbdd9262069a89d526b37eb4717

  • SHA256

    084bbe29892a4ee5063027533d4e793a6f689d3dbfe959b0e30bf03e375bcc53

  • SHA512

    7a2cb14167899368d437cc3638fa420cbd3a6b9fcf5afaaad3186da12f5518effe78b6b4e06af770cf24c4cfb64e9d1d9c089fe1c7a8c231c1818d8556d1b4bb

  • SSDEEP

    1536:NPkG0f9sc1Osw7oifKxZtW6CbqQf0aqu:NMG0f9sc1OFNKx9Cbnb

  Score

  10^/10

  xwormpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral13behavioral14

• • Target

    IcarusRDP_builder-main/Addon/net2.exe

  • Size

    522KB

  • MD5

    6aeec2845d5eda523b48bd00365a0381

  • SHA1

    3ab93f7f77640be46593f0539eb8a048b23886b9

  • SHA256

    b6e0302b5199d7481ccbd439dbb096597be3fc825bc40b2e27a8ebff69bd4761

  • SHA512

    57d0ffd6841c34d98191416f5142551a6a1e486397138da917862d16d6821b4d0e56b51aa1096289a8c6ba89cf5c7b8e5332814d42a73204ba6bbd5a87cc2aff

  • SSDEEP

    3072:7KK2XD9XBZ4EV0bQj3SQQAZ0hk0L6MM5T274dXSnh8DzFDRlQuEcRf0LIABKjcpl:7KFhXBZPuQj3iB462POmUNoyy/17

  Score

  10^/10

  icarusstealerstealer

  • IcarusStealer

    Icarus is a modular stealer written in C# First adverts in July 2022.

    stealericarusstealer

  • Icarusstealer family

    icarusstealer

  • Legitimate hosting services abused for malware hosting/C2

  behavioral15behavioral16

• • Target

    IcarusRDP_builder-main/Addon/net4.exe

  • Size

    523KB

  • MD5

    3106c4a71146e16df986d9af95031128

  • SHA1

    ff57e2deed0d0af2a0c56ef15a520962fc272bcf

  • SHA256

    16ee92b7160d4153d16f367e65e55f8306fd48a3c2607e190469227dd3773be6

  • SHA512

    c3de9b3820ccc4f845bd1ec40bc4ffc3253ee191a049dc0a1c35a1f0117882b44283165f366cfd8f3811637cf8cf7acac884440a84cbd3c6aad223d362d9b78b

  • SSDEEP

    3072:Uw0yPBMlMKXWkqL6P4CW9BI9HvRvgBUzPR8OZG02du40EROAPT2aMrRX5bxg4lH0:Uw0yPBMlPWkq2PHHcj5WaNM0+

  Score

  10^/10

  icarusstealerdiscoverystealer

  • IcarusStealer

    Icarus is a modular stealer written in C# First adverts in July 2022.

    stealericarusstealer

  • Icarusstealer family

    icarusstealer
  behavioral17behavioral18

• • Target

    IcarusRDP_builder-main/Addon/ptata.bin

  • Size

    752KB

  • MD5

    e82f5b59d76bbebb42bf5f7d756c8c96

  • SHA1

    0dd995acfe788ad9f78de08e6c161c067fa591f7

  • SHA256

    d583a31277fc5eca86e7eb472fd513dae76b68a9858bcd1e1ed96514fda0c54e

  • SHA512

    8e3f3bea19665d2cfc1bc64f4db514371f60e76927cc7beec5da6dfed97f4c9f2f406988d7e1a0ad3d87281a83ee0ab36b15b3d808310dedc7d45062bd159620

  • SSDEEP

    12288:Tfbx+p5bu9TlLfUTdwq1pdVBuzrS+ug4jOh99Gzsss5vvSNR:5+vbuhZUTdJVBeubg4jOh99GzssGvSb

  Score

  1^/10
  behavioral19behavioral20

• • Target

    IcarusRDP_builder-main/Addon/stub.exe

  • Size

    519KB

  • MD5

    a5360ad0a8b9874db83b369fb3d390ec

  • SHA1

    03e5946f7205a7722e80d51765bb004505fd32f9

  • SHA256

    1cf60ba4c545766a0400a894664e51ce971f39ab5e902b366de30e28bc06a25a

  • SHA512

    6076ed8b36959637be213fc68626e959f64c8ff09d06383ad16c53bc08681b32343d44cba185ff63600a0e6a47b989a3df276f603d92f8f2523c48dd9189c3c8

  • SSDEEP

    3072:kjwBILU6eushP7bq70dSJ4CW9BI9HvRvgBUzPR8OZG02du40EROAPT2aMrRX5bxn:kjwbJhP7bG0dSJHHcj5WaNM0Hv

  Score

  10^/10

  icarusstealerdiscoverystealer

  • IcarusStealer

    Icarus is a modular stealer written in C# First adverts in July 2022.

    stealericarusstealer

  • Icarusstealer family

    icarusstealer
  behavioral21behavioral22

• • Target

    IcarusRDP_builder-main/BuildFile.cs

  • Size

    17KB

  • MD5

    9ce38546f896c8b50fdd9eadfc7971cf

  • SHA1

    fc5ebe328b09581c47953e1ac5a2e05c1691d537

  • SHA256

    38e7cf86cfa9845b3d51486170043f11e6db63c359eabc4e3e167bc71a93e695

  • SHA512

    794b92617c3d2c1cc9136e994fbc716831c60513a59630644092f53e9eb87fafbc1be57d4f3470eb173d6b85c1d7e0f24369fa3be2a282329f8e814684a20cf0

  • SSDEEP

    192:d8Ot3+eVEo3cDT2Wl/JxJEwQ4hcnTfYlpJxfOGCzHunmI3ix/+cNDeDzfF6WXjZL:CU6oMDhSnYC+ykcNDeD7SLUH

  Score

  3^/10

  execution
  behavioral23behavioral24

• • Target

    IcarusRDP_builder-main/KeyAuth/api.cs

  • Size

    37KB

  • MD5

    ada94529554db587533c6e320b2d10f4

  • SHA1

    606eac8ff0a1abbc178bd5cb6296731ecb6a0a0c

  • SHA256

    2802f87c6a6b178d2a467b19b2483604296deff615a20cfca21dd891b0c1c9ed

  • SHA512

    067de77e831126fcbddb1988975a2ed424640ca85ce91eff556634053ba387c44e78133ac75949640f62d2b862384795afa8e145f9d30a940094da25b4f164b6

  • SSDEEP

    384:YKa8sDy45iGUOjDTo2EULzQQ45iGUOjzYcJOzDHZI:y9y45iGUOj/o2EULMQ45iGUOjzYcMPHm

  Score

  3^/10

  execution
  behavioral25behavioral26

• • Target

    IcarusRDP_builder-main/Program.cs

  • Size

    1KB

  • MD5

    3c32fc8f9194d27583d26b260d833ce6

  • SHA1

    6027bbd7155a59923d187e3672b43a2dfee9bf8f

  • SHA256

    b175afa74ec9182b6b9f510e1813b788dbcca6225918913b55bc1f83d5ebcdf8

  • SHA512

    620e2eeb935182b45a4bf6abd77574cf21118bd85bd3b942c84406b0e99539e1526cc35b68654a445ee73c9a82c9d175cacc0fd9ea7b9f487b0c8a9761102750

  Score

  3^/10

  execution
  behavioral27behavioral28

• • Target

    IcarusRDP_builder-main/bin/Release/net461/IcarusRDP_builder.exe

  • Size

    42KB

  • MD5

    be91938a2040f67636aa5b33787c06e1

  • SHA1

    9e46d868caf5c98b01e7d6ce797f6912d2921aa5

  • SHA256

    6fdb8db5e2997543674e5539647b5a3f7de922477610446ca1ec13682aafafe6

  • SHA512

    1de16234917405734804741b652bd9f8aa392692779c0148c113468998dcad854e7f4b063ebe66d5c90f88809c42a79ddbbec6abab6a1a86dd17636f401dc053

  • SSDEEP

    768:+BVBTboGODl6fsqsrlWHTJ6Jv7hJfPYRO1jRX5RhD:OVGqsrYTJ6JvVJfPYo1FXt

  Score

  3^/10

  discovery
  behavioral29behavioral30

• • Target

    IcarusRDP_builder-main/bin/Release/net461/Mono.Cecil.dll

  • Size

    350KB

  • MD5

    de69bb29d6a9dfb615a90df3580d63b1

  • SHA1

    74446b4dcc146ce61e5216bf7efac186adf7849b

  • SHA256

    f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc

  • SHA512

    6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015

  • SSDEEP

    6144:jIevdbLPNYe8bikm98KXPHhOWY/fFREomhUFD3z:se1PNL+QRfBg/f/EWFD

  Score

  1^/10
  behavioral31behavioral32