IceXLoader: upgraded malware loader hits Windows

A malware loader that was described as a "project in progress" in June is now fully operational and infecting thousands of Windows home and office computers.

IceXLoader version 3 was discovered over the summer by FortiGuard Labs of Fortinet, which wrote that the malware's capabilities were lacking and appeared to have been ported to the Nim programming language.

figure 1

However, researchers from Minerva Labs said on Tuesday that they had found a newer version of IceXLoader – 3.3.3 – that works properly.

IceXLoader collects metadata from the system – such as IP address, username and machine name, Windows version, and CPU, GPU and memory information – and sends it to a command and control (C2) server, according to the researchers.

The C2 server holds a SQLite database of the malware's victims, and it is constantly being updated. According to the researchers, it "contains thousands of victim files, from private home and corporate computers."

On the dark web, IceXLoader was priced at $118 for a lifetime license, but at the moment it is not known how much the new version costs.

The malware initially enters systems through phishing. The emails carry a ZIP file containing a dropper, which drops a downloader written in .NET. That downloader fetches another dropper, which decrypts IceXLoader and injects it into a process.

IceXLoader communicates directly with the C2 server to receive further commands and additional malware. According to FortiGuard, IceXLoader version 1.0 was used to distribute DCRat (Dark Crystal RAT, a remote access trojan), while version 3.0 distributed a Monero miner.

IceXLoader has a number of features designed to evade detection by Microsoft Defender.

Additionally, the malware is written in Nim, a newer programming language that compiles to C, C++ and JavaScript. Nim has been adopted in recent years by malware developers trying to make their code harder to detect. This is part of a larger trend in which malware authors are turning to newer languages such as Go, DLang, Nim and Rust to evade easy detection.

iGuRu.gr, The Best Technology Site in Greece


Written by giorgos
