MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 001ef4b5d798dea685857ab1aaefbfe6d82e4a4374a3597e521a296f73094c13. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IcedID

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	001ef4b5d798dea685857ab1aaefbfe6d82e4a4374a3597e521a296f73094c13
SHA3-384 hash:	4d50b071d8974890f83516f77612077fd1429ac0562012af41efa17739c74800c98a15d62e85a3b715f17922c5f9bc39
SHA1 hash:	77f795288fc8b8abaac9015e426bde5b49748cbb
MD5 hash:	ba58d7697d6cc98683879c6432773341
humanhash:	item-sweet-avocado-comet
File name:	lcc_inv_07-27-484.pdf
Download:	download sample
Signature	IcedID Create hunting rule
File size:	163'072 bytes
First seen:	2023-07-27 20:48:05 UTC
Last seen:	Never
File type:	pdf
MIME type:	application/pdf
ssdeep	3072:Ob9/XRaw2t4OXyJbp7IILEP81Zr5RharfokFLnma5W70xk0:Ob9PRawEbiJbp75EU1ZqLnma5Woxk0
TLSH	T123F312B036E340EAECCE223B59206688435E3297D4741C7F28857C5C1F16E766975BA7
Reporter	k3dg3___
Tags:	3965418973 IcedID pdf

Intelligence

File Origin

# of uploads :

1

# of downloads :

451

Origin country :

US

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.HEUR.Hoax.PDF.Phish.gen.20794.26341.UNOFFICIAL

Result

Verdict:

Suspicious

File Type:

PDF File

Link:

https://app.docguard.net/001ef4b5d798dea685857ab1aaefbfe6d82e4a4374a3597e521a296f73094c13/results/dashboard

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

phishing

Link:

https://www.filescan.io/uploads/64c2d83f1b48787a496fa851/reports/40b280c3-7e53-4c0e-ad7c-ee0b68015c48/overview

Verdict:

Suspicious

Labled as:

Hoax.PDF.Phish

Link:

https://www.hybrid-analysis.com/sample/001ef4b5d798dea685857ab1aaefbfe6d82e4a4374a3597e521a296f73094c13

Label:

Benign

Suspicious Score:

/10

Score Malicious:

1%

Score Benign:

99%

Link:

https://www.malware.ai/gui/files/?id=a9af634d-e7c1-47d1-a8bd-f1818e4a8858

Result

Verdict:

MALICIOUS

Details

Document With Few Pages

Document contains between one and three pages of content. Most malicious documents are sparse in page count.

IPv4 Dotted Quad URL

A URL was detected referencing a direct IP address, as opposed to a domain name.

Result

Threat name:

n/a

Detection:

suspicious

Classification:

n/a

Score:

21 / 100

Link:

https://www.joesandbox.com/analysis/1281477

Signature

Potential malicious clickable URLs found in PDF

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/001ef4b5d798dea685857ab1aaefbfe6d82e4a4374a3597e521a296f73094c13/

Threat name:

Document-PDF.Trojan.IcedID

Status:

Malicious

First seen:

2023-07-27 20:49:06 UTC

File Type:

Document

Extracted files:

2

AV detection:

10 of 38 (26.32%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=aappjnoxtdpknbmfpky2v35743mc4ssdosrvs7ssdiuw64yjjqjq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/001ef4b5d798dea685857ab1aaefbfe6d82e4a4374a3597e521a296f73094c13

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

pdf 001ef4b5d798dea685857ab1aaefbfe6d82e4a4374a3597e521a296f73094c13

(this sample)

exe 3f38ae75758c8afb75b0660a7c927ccb2bce73f572a9e105ea2288f1288f682b

X

https://twitter.com/k3dg3/status/1684666476010078208

Dropping

SHA256 3f38ae75758c8afb75b0660a7c927ccb2bce73f572a9e105ea2288f1288f682b

Delivery method

Distributed via e-mail attachment

Dropping

MD5 582d9e7ed790bbe68fa8489bbc3cfa7a

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample