IcXor
IcXor is a malware family that is active in the Infostealer category and is widely observed around the world. This example is classified as an infostealer that harvests sensitive credentials and personal data on affected systems. Browser saved passwords, cookies, cryptocurrency wallet data and session tokens are among the sources of this malware.
History
IcXor, XOR sifreleme ile zararlı yazilim ailesinin gizlenmesi amaclanarak gelistirilmis bir obfuscation/packer ailesidir. Farkli RAT ve stealer ailelerinin tespitten kacinmak icin kullandigi bir wrapper olarak calisir.
Technical Details
Infostealer ailesi: TCP C2 protokolu, kalicilik mekanizmasi (Registry/Task Scheduler), keylogger, ekran goruntüsü, uzak kabuk, dosya yoneticisi, process manager, anti-analiz kontrolleri
Threat Profile
Type
Infostealer
Programming Language.NET/C#
C2 ProtocolHTTP
First Seen2020
Targets
Windows
Purpose / Capabilities
- Browser Credentials
- Cookie Theft
- Crypto Wallet
- 2FA Code
No C2 servers have been identified for this family yet.