MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b317f6a1ffc33b390ef0f9ca4c7227c250dc6e46e9eb198e2ef56ce00e0d360. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2b317f6a1ffc33b390ef0f9ca4c7227c250dc6e46e9eb198e2ef56ce00e0d360
SHA3-384 hash: 51f864903162fa3e3171ee3a15f3a3e21adc53a18e607b55ca2f4166b1bf95cf553dc16d13541ce5b08ae57bb3c181f4
SHA1 hash: 806be56086dc7d3dd75c6328516ac6d8370c113e
MD5 hash: 369480624570299e8d09abf03029bbc4
humanhash: juliet-speaker-stairway-single
File name:twain.png
Download: download sample
Signature IcedID
Create hunting rule
File size:171'008 bytes
First seen:2023-02-14 19:18:04 UTC
Last seen:2023-02-14 20:33:18 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7d520c58152fd8881716eed523f85e2e (1 x IcedID)
ssdeep 3072:Yr4JWF89VfP+tBcPm8s7ZCUMQWHZgX4bX4QchwnholNHUuAaGlcLs4fn:YMJWFaP+wPm8sYIWHZarBCaccoA
Threatray 2'808 similar samples on MalwareBazaar
TLSH T169F39E07B7A911B7E17385748C635609EBB6785207219BAF039483393F237A19E3AF35
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter 1ZRR4H
Tags:exe IcedID

Intelligence

File Origin
# of uploads :
2
# of downloads :
247
Origin country :
CL CL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
9052688416.zip
Verdict:
Malicious activity
Analysis date:
2023-02-07 07:55:16 UTC
Tags:
loader
Link:
https://app.any.run/tasks/ed9d5194-b36e-4b9e-b6fb-7bd3195f10c4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/366043/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.65392942.2642.27383.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Gathering data
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/2b317f6a1ffc33b390ef0f9ca4c7227c250dc6e46e9eb198e2ef56ce00e0d360
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/487751e6-a9cb-47a6-b8e3-73cb8f3ae5d6
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1167339
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Sigma detected: Execute DLL with spoofed extension
System process connects to network (likely due to code injection or exploit)
Tries to detect virtualization through RDTSC time measurements
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2b317f6a1ffc33b390ef0f9ca4c7227c250dc6e46e9eb198e2ef56ce00e0d360/
Threat name:
Win64.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2023-02-07 00:59:01 UTC
File Type:
PE+ (Dll)
Extracted files:
1
AV detection:
21 of 38 (55.26%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fmyx62q77qz3hehpb6okjrzcpqsq3rxen2pldghc55lm4aha2nqa._file
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
05a3a84096bcdc2a5cf87d07ede96aff7fd5037679f9585fee9a227c0d9cbf51
IcedID
52ceb2e476f5ba13ad4d56c5292d8c97cff9c24967b54fa7a50cc2a333f2527d
IcedID
66241149fd6ac0ec6bac32141748a8b5a1b0cd1610bd2687cae0c2cfa671945f
IcedID
923715af8f2e49242e18210c143ffd69300cdf675f61ae33c2f2fcbab6df07e2
IcedID
c58b13dc51e572ec288d97aa255d55884d7418466b8381afd1a4278a0be87427
IcedID
fbad60002286599ca06d0ecb3624740efbf13ee5fda545341b3e0bf4d5348cfe
IcedID
+ 2'798 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230214-xzyeqseh8t/
Unpacked files
SH256 hash:
2b317f6a1ffc33b390ef0f9ca4c7227c250dc6e46e9eb198e2ef56ce00e0d360
MD5 hash:
369480624570299e8d09abf03029bbc4
SHA1 hash:
806be56086dc7d3dd75c6328516ac6d8370c113e
Link:
https://www.unpac.me/results/51bfb872-6c82-471d-a08e-21a747d339ba/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2b317f6a1ffc33b390ef0f9ca4c7227c250dc6e46e9eb198e2ef56ce00e0d360

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

IcedID

Executable exe 2b317f6a1ffc33b390ef0f9ca4c7227c250dc6e46e9eb198e2ef56ce00e0d360

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/366043/
  
URLhaus
https://urlhaus.abuse.ch/url/2540093/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2540094/
  
URLhaus
https://urlhaus.abuse.ch/url/2540097/
  
URLhaus
https://urlhaus.abuse.ch/url/2540095/
  
URLhaus
https://urlhaus.abuse.ch/url/2540096/
  
URLhaus
https://urlhaus.abuse.ch/url/2540098/
  
URLhaus
https://urlhaus.abuse.ch/url/2540099/
  
URLhaus
https://urlhaus.abuse.ch/url/2540100/

Comments