Malware analysis JPHP IceRat analysis

Status
Not open for further replies.

Andy Ful

Dec 23, 2014
I am probably the last one who finally noticed that IceRat.exe and klip.exe are not only similar but in fact the same malware, despite the different hashes (the Vhash and Imphash are the same). They have almost identical sections (except .rsrc, which differs only by hash and Chi2 but has the same Virtual Address, Virtual Size, Raw Size and Entropy). Furthermore, they have identical Resources.
 

struppigel

Apr 9, 2020
#23
I am closing this thread now.
The analysis of related samples is done. By related I mean all samples that are actually downloading, dropping or creating each other. The relations are outlined, starting with the first part of the infection chain.

Most of the things that were posted in this thread recently don't seem to be related to IceRat except for the domain, or there are other very loose connections like just the file name. Feel free to open a different thread for discussing speculations about that case. 🤠
 