MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 174fedef472738f40a4e642fdd6c21fa68c3d2058e80efc63b0c1a683486f6c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



IcedID


Vendor detections: 6



SHA256 hash: 174fedef472738f40a4e642fdd6c21fa68c3d2058e80efc63b0c1a683486f6c2
SHA3-384 hash: b0348daa59df769d640a69ad78b3512be2bfe5c9bd97c29e5c8394c072742fe5f97dfee30286ac8466dab9d4650b760e
SHA1 hash: 95c417050c62a842c53b11987cfb044fe153899a
MD5 hash: 0120cbfca6034db079bffb470b28d2d6
humanhash: winner-ink-hawaii-seventeen
File name: 174fedef472738f40a4e642fdd6c21fa68c3d2058e80efc63b0c1a683486f6c2
Signature: IcedID
File size: 161'792 bytes
First seen: 2021-07-26 22:36:26 UTC
Last seen: 2021-07-26 23:40:38 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7a8f5c045c96b48f56193a62510f2131 (5 x IcedID)
ssdeep: 3072:PwZDE3irQ+r+4rLczkGq9n7zCXCdFMYNzomI+pt79s2:9irQ+r+2aTq9CyYYNzo12
Threatray: 172 similar samples on MalwareBazaar
TLSH: T1BCF38D03729500EBF5718971A8A39504E372B96217389B4F93909B3A1E3FBD09D9FF64
Reporter: Anonymous
Tags: exe IcedID

Intelligence


File Origin
# of uploads: 2
# of downloads: 409
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 174fedef472738f40a4e642fdd6c21fa68c3d2058e80efc63b0c1a683486f6c2
Verdict: No threats detected
Analysis date: 2021-07-26 22:43:18 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
[Behavior graph, ID 454452; sample: mZ4ry3n1la; start date: 27/07/2021; architecture: WINDOWS; score: 48; signature: Multi AV Scanner detection for submitted file. Process tree: loaddll64.exe started iexplore.exe, cmd.exe, regsvr32.exe and 20 other processes; iexplore.exe started a second iexplore.exe; cmd.exe started rundll32.exe. Network contacts from iexplore.exe: tls13.taboola.map.fastly.net (151.101.1.44:443, FASTLYUS, United States), geolocation.onetrust.com (104.20.184.68:443, CLOUDFLARENETUS, United States) and 8 other IPs or domains.]
Gathering data
Threat name: Win64.Trojan.BankerX
Status: Malicious
First seen: 2021-07-26 22:37:05 UTC
AV detection: 8 of 28 (28.57%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:icedid botnet:81538452 banker trojan
Behaviour
IcedID, BokBot
Malware Config
C2 Extraction:
garrozalibbo.click
disponfirules.top
mislinororv.top
twistcolseza.top
Unpacked files
SHA256 hash: 174fedef472738f40a4e642fdd6c21fa68c3d2058e80efc63b0c1a683486f6c2
MD5 hash: 0120cbfca6034db079bffb470b28d2d6
SHA1 hash: 95c417050c62a842c53b11987cfb044fe153899a
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments