Malware Analysis JPHP IceRat analysis

Status
Not open for further replies.

Andy Ful (Developer, Hard_Configurator Tools)
I am probably the last one who finally noticed that IceRat.exe and klip.exe are not only similar but in fact the same malware, despite the different hashes (the Vhash and Imphash are the same). They have almost identical sections (except .rsrc, which differs only by hash and Chi2 but has the same Virtual Address, Virtual Size, Raw Size and Entropy). Furthermore, they have identical Resources.
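The comparison described in the post, as an added example that is not part of the thread and not code from either sample: walk the section table of two PE images and report, per section, whether the layout fields (Virtual Address, Virtual Size, Raw Size) and the entropy agree even when the content hash does not, plus the imphash recipe (lowercase `dll.func` pairs, library extension dropped, comma-joined, MD5) applied to a constructed import list. The two images, the `build_pe` fixture and the `IMPORTS` list are constructed for this example and are not IceRat.exe or klip.exe; a real triage would read the import directory with a PE parser such as pefile instead of supplying the list by hand.

```python
# Added example, not code from the thread or from the samples it discusses.
# The PE images and the import list below are constructed fixtures.
import hashlib
import math
import struct
from collections import Counter

FILE_ALIGN = 0x200


def build_pe(sections):
    """Build a minimal PE32 image from (name, virtual_address, raw_bytes) tuples.
    Fixture only: just enough header for parse_sections() to walk."""
    n, opt_size = len(sections), 224
    headers_len = -(-(0x40 + 4 + 20 + opt_size + 40 * n) // FILE_ALIGN) * FILE_ALIGN
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<II", opt, 32, 0x1000, FILE_ALIGN)    # SectionAlignment, FileAlignment
    table, body, raw_ptr = b"", b"", headers_len
    for name, va, data in sections:
        raw_size = -(-len(data) // FILE_ALIGN) * FILE_ALIGN
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), va, raw_size,
                             raw_ptr, 0, 0, 0, 0, 0x40000040)
        body += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
    head = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return head.ljust(headers_len, b"\0") + body


def shannon_entropy(data):
    """Bits per byte, 0.0 .. 8.0; the 'Entropy' column in the post."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(image):
    """Walk the section table and return the per-section fields to compare."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    n_sections = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size                        # COFF header is 20 bytes
    out = []
    for i in range(n_sections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        raw = image[raw_ptr:raw_ptr + raw_size]
        out.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                    "raw_size": raw_size, "entropy": round(shannon_entropy(raw), 6),
                    "md5": hashlib.md5(raw).hexdigest()})
    return out


def compare_sections(image_a, image_b):
    """Pair sections by name. Matching layout and entropy with a different hash
    is the '.rsrc differs only by hash' case from the post."""
    a_by = {s["name"]: s for s in parse_sections(image_a)}
    b_by = {s["name"]: s for s in parse_sections(image_b)}
    report = {}
    for name in a_by.keys() & b_by.keys():
        a, b = a_by[name], b_by[name]
        report[name] = {
            "layout_match": (a["va"], a["vsize"], a["raw_size"]) == (b["va"], b["vsize"], b["raw_size"]),
            "entropy_match": a["entropy"] == b["entropy"],
            "hash_match": a["md5"] == b["md5"],
        }
    return report


def imphash(imports):
    """Import hash as pefile computes it: lowercase 'dll.func' pairs, library
    extension dropped, comma-joined, MD5. Fed a constructed list here."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[:-len(ext)]
        parts.append(f"{dll}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


# Constructed samples: identical .text/.data; .rsrc holds the same bytes reordered,
# so its layout and entropy agree while its hash does not.
RSRC_A = b"RESOURCE-BLOB-0123456789" * 8
SAMPLE_A = build_pe([(".text", 0x1000, bytes(range(256)) * 2),
                     (".data", 0x2000, b"\0" * 100 + b"\xff" * 100),
                     (".rsrc", 0x3000, RSRC_A)])
SAMPLE_B = build_pe([(".text", 0x1000, bytes(range(256)) * 2),
                     (".data", 0x2000, b"\0" * 100 + b"\xff" * 100),
                     (".rsrc", 0x3000, RSRC_A[::-1])])
IMPORTS = [("KERNEL32.dll", "CreateProcessW"), ("ADVAPI32.dll", "RegSetValueExW")]

if __name__ == "__main__":
    for name, r in sorted(compare_sections(SAMPLE_A, SAMPLE_B).items()):
        print(name, r)
    print("imphash:", imphash(IMPORTS))
```

Running it prints `layout_match` and `entropy_match` as `True` for all three sections and `hash_match` as `False` only for `.rsrc`, which is the pattern the post reports: a resource section rebuilt from the same material leaves layout and entropy unchanged while every whole-file and per-section hash changes, so a pivot on Imphash and section layout finds the relationship that a hash lookup misses.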

struppigel (Moderator, Thread author)
I am closing this thread now.
The analysis of related samples is done. By related I mean all samples that are actually downloading, dropping or creating each other. The relations are outlined, starting with the first part of the infection chain.

Most of the things that were posted in this thread recently don't seem to be related to IceRat except for the domain, or there are other very loose connections like just the file name. Feel free to open a different thread for discussing speculation about that case. 🤠