MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 173e5b0fb1e2e4a4dd39532065cf44cd1fcf030b11b1d2c5a19def836a7e1910. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



IcedID


Vendor detections: 3



SHA256 hash: 173e5b0fb1e2e4a4dd39532065cf44cd1fcf030b11b1d2c5a19def836a7e1910
SHA3-384 hash: bc15ce43473bd19b3f7c36625cdc19695e648992e2f4096a26170d15237e2eaa4e5e929901a5b4076ea7f54810221d3c
SHA1 hash: 3ba16e8dae8c954dd92022a7dfcd02987278f188
MD5 hash: 08c03614671b45d6fe33291784e2085c
humanhash: jupiter-purple-kansas-fourteen
File name: Inv_88_Jan-01_Copy.zip
Signature: IcedID
File size: 346'470 bytes
First seen: 2023-01-09 17:00:57 UTC
Last seen: 2023-01-09 17:58:20 UTC
File type: zip
MIME type: application/zip
Note: This file is a password protected archive. The password is: s1835
ssdeep: 6144:TehBfGMGjotVu+T0WB5W1DJkXNoBNTPQJ0dBWUoiEdbSx1/8FHQ71IowMousCrw:QB88uJWB5Wvk9gxQJqWi4S8GZIowdbQw
TLSH: T1E5742354D037BEC0CC42879D5A85B1DAC8CC04E8B604AEECE355B96FD0CF6A8DAEE554
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: k3dg3___
Tags: 3131022508 IcedID pw s1835 wagringamuk.com zip

Intelligence


File Origin
# of uploads: 2
# of downloads: 174
Origin country: US

File Archive Information

This file archive contains 3 file(s), sorted by their relevance:

File name: hipsexfryd.cmd
File size: 1'461 bytes
SHA256 hash: 6da903d156a109167a30e55cf323815a4418d439976232523fd3b71c04df87dc
MD5 hash: cd4e29cd2e40036a15420ebc25ea24d2
MIME type: text/plain
Signature: IcedID

File name: Scan_01-09.lnk
File size: 1'978 bytes
SHA256 hash: 4353ab7fcd01311a7b1946f9b7d2108ecdb7065d8322deb7fc0d12e0639621d3
MD5 hash: 57bf3d5a02a9e76098738b7eaad0356b
MIME type: application/octet-stream
Signature: IcedID

File name: strapping.dat
File size: 807'304 bytes
SHA256 hash: 180bc8d0f85146d6d16fa8079e38ca5e84756f1e201fc7259464addbaee15ff2
MD5 hash: 15dd0873cb6bef0c8e89a0319a202c3a
MIME type: application/x-dosexec
Signature: IcedID

Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

IcedID

zip 173e5b0fb1e2e4a4dd39532065cf44cd1fcf030b11b1d2c5a19def836a7e1910 (this sample)

180bc8d0f85146d6d16fa8079e38ca5e84756f1e201fc7259464addbaee15ff2

  
Dropping: SHA256 180bc8d0f85146d6d16fa8079e38ca5e84756f1e201fc7259464addbaee15ff2
Delivery method: Distributed via e-mail attachment
