Creamsicle

Description

(FireEye) CREAMSICLE attempts to download an encoded executable from a specified location.

The downloaded file is decoded, written to disk as %APPDATA%\Norton360\Engine\5.1.0.29\ccSvcHst.exe, and padded with 51,200,000 null bytes. CREAMSICLE does not appear to execute the downloaded file, presumably relying on Windows to do so (using the shortcut file in the user’s Startup folder) the next time the user logs in.

Names

Name
Creamsicle

Category

Malware

Type

  • Downloader

Information

Malpedia

AlienVault OTX

Other Information

Uuid

ec3678b0-7ffb-4b53-ae26-cfbd54dfc3df

Last Card Change

2020-04-23