Malware Analysis JPHP IceRat analysis

Status
Not open for further replies.

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,542
I am probably the last one who finally noticed that IceRat.exe and klip.exe are not only similar but in fact the same malware, despite the different hashes (but Vhash and Imphash are the same). They have almost identical sections (except .rsrc which differs only by hash and Chi2, but have the same Virtual Address - Virtual Size - Raw Size - Entropy). Furthermore they have identical Resources.:unsure:(y)
 
Last edited:

struppigel

Super Moderator
Thread author
Verified
Staff Member
Well-known
Apr 9, 2020
667
I am closing this thread now.
The analysis of related samples is done. With related I mean all samples that are actually downloading, dropping or creating each other. The relations are outlined, starting with the first part of the infection chain.

Most of the things that were posted in this thread recently don't seem to be related to IceRat except for the domain. Or there are other very loose connections like just the file name. Feel free to open a different thread for discussing speculations of that case. 🤠
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top