MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b145cd12882ab58ddb7bdb833e11f9e11b3eb9ce721d75cc6197f87ba4fd341. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: IcedID
Vendor detections: 7



SHA256 hash: 1b145cd12882ab58ddb7bdb833e11f9e11b3eb9ce721d75cc6197f87ba4fd341
SHA3-384 hash: f86881367b163c0c14d1ab3a04efce8e3fda6d12a97d5abf35cf4df0db63c8f0511d3b96888e23c93b4eec8adeea89a6
SHA1 hash: e34c49a332c42a0c3afd0e2ff7d90311ac01aa3f
MD5 hash: 9fd1bc256860d6a18a9b1a294b66dfb3
humanhash: tennessee-eighteen-neptune-equal
File name: mGhdt.pdf
Signature: IcedID
File size: 245'760 bytes
First seen: 2020-11-24 21:27:07 UTC
Last seen: Never
File type: DLL (dll)
MIME type: application/x-dosexec
imphash: 0bce35d6079bdabe8ebf4ef0830555c9 (2 x IcedID)
ssdeep: 6144:GpHlgWOOHnlNSY2mptctqLLjfv/ABDvwrXgQ7B:GFlgAn52vq/jHEYrXgq
Threatray: 959 similar samples on MalwareBazaar
TLSH: 9134D01333D84476F8B7423944368A61977BB6120B38CC8F76E9168D4AB37E16B3178B
Reporter: malware_traffic
Tags: dll, IcedID, Shathak, TA551

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 181
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour: Sending a UDP request

Result
Verdict: UNKNOWN
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 22 / 100
Signature: Initial sample is a PE file and has a suspicious name
Behaviour
Behavior Graph: [graph image not reproduced; recoverable details: Behavior Graph ID 322322, sample mGhdt.pdf, start date 24/11/2020, architecture WINDOWS, score 22; triggered signature "Initial sample is a PE file and has a suspicious name"; process tree AcroRd32.exe started RdrCEF.exe and a second AcroRd32.exe, RdrCEF.exe started two further RdrCEF.exe processes; network contacts 192.168.2.1 (unknown) and 80.0.0.0 (NTLGB, United Kingdom)]
Threat name: Win32.Trojan.IcedID
Status: Malicious
First seen: 2020-11-24 21:28:05 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 23 of 28 (82.14%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour: Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 1b145cd12882ab58ddb7bdb833e11f9e11b3eb9ce721d75cc6197f87ba4fd341
MD5 hash: 9fd1bc256860d6a18a9b1a294b66dfb3
SHA1 hash: e34c49a332c42a0c3afd0e2ff7d90311ac01aa3f
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.
