MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3387724e5c52e03964904747a605304f0677f8adb519a3c276548971fead152e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3387724e5c52e03964904747a605304f0677f8adb519a3c276548971fead152e
SHA3-384 hash: e0c7038a3e8f7bc342b05c8fc7e85993c23cf6131a873b315f9598ea264a5d50377094e439f35f1faf8041c2037c373b
SHA1 hash: 6e1b5814a07c4b4850eb6603924549f4b68de333
MD5 hash: fe1f75a85aeccbb6a4798b548e3f8ec7
humanhash: hotel-cola-utah-potato
File name:3387724e5c52e03964904747a605304f0677f8adb519a3c276548971fead152e
Download: download sample
Signature IcedID
Create hunting rule
File size:598'415 bytes
First seen:2022-02-01 20:24:11 UTC
Last seen:2022-02-01 21:58:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 20892bde7a09b32166de93b762dd8918 (1 x IcedID)
ssdeep 12288:7X7Pyx4i8MY9eR75NlfolWM23Z0EFNu0qwLb7y/:L7at5SeR75NlfeauXwby/
Threatray 154 similar samples on MalwareBazaar
TLSH T10BD4C026737507B9E023553888634903DA727C71277195EBA7A1224F0F3BBE16A3FB25
Reporter malwarelabnet
Tags:exe IcedID

Intelligence

File Origin
# of uploads :
2
# of downloads :
223
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/229390/
Detection(s):
SecuriteInfo.com.BehavesLike.Win64.Drixed.hc.19256.21193.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
DNS request
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/5727/overview
Behaviour
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe greyware overlay packed
Link:
https://www.filescan.io/uploads/61f996fd6d25ac9e79f79c08/reports/8499463b-5a2b-4bb4-bce1-0b5bd59c4670/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a8249dde-decc-49c1-8d70-5de953a90dad
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/932071
Signature
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 564545 Sample: qIUX7Rc7Pm Startdate: 01/02/2022 Architecture: WINDOWS Score: 68 20 tp.8e49140c2-frontier.amazon.com 2->20 22 dr49lng3n1n2s.cloudfront.net 2->22 24 aws.amazon.com 2->24 26 Multi AV Scanner detection for submitted file 2->26 28 Yara detected IcedID 2->28 30 Sigma detected: Suspicious Call by Ordinal 2->30 8 loaddll64.exe 1 2->8         started        signatures3 process4 process5 10 cmd.exe 1 8->10         started        12 rundll32.exe 8->12         started        14 rundll32.exe 8->14         started        16 2 other processes 8->16 process6 18 rundll32.exe 10->18         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3387724e5c52e03964904747a605304f0677f8adb519a3c276548971fead152e/
Threat name:
Win64.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2022-02-01 20:25:11 UTC
File Type:
PE+ (Dll)
Extracted files:
7
AV detection:
12 of 28 (42.86%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
071daa2f0bf9d587dd5a1abf995af47a25295242023c86ba8f3f95f1c317ddb6
IcedID
32e52d829bbde235d7d00c6c1752f7ee5114de97eee59b22957d0adfab84c9e9
IcedID
41882804f7c0408c2bb901518b6b5434de7926e809ba571728e459229238024b
IcedID
6cf97e438fd5be6092a4337dc225ce9a134b5afe2c10638ab09deca00589b813
IcedID
6e486da9c8430de910b8d1f3c86b4f1dd787591232f854b3d1d77d39606014cb
IcedID
8086e227c4b65c33d119a8d8793d71eb679391508df6caef94974a03d9acc310
IcedID
9aa8a2e20b6d56d65e0448d0959db9870f0c35f1c8491928b14a3487c2f4e047
IcedID
a61b1d70d469b8ca7acdbd26fc859e6aeb229c4636fe9c92eac856914f326ac8
IcedID
ef52b91ce259be65a829fea2a25ce228100d34cff4200386419fe7c00fca893b
IcedID
+ 144 additional samples on MalwareBazaar
Result
Malware family:
icedid
Create hunting rule
Score:
  10/10
Tags:
family:icedid campaign:3806773800 banker persistence suricata trojan
Link:
https://tria.ge/reports/220201-y7ajbabcfm/
Behaviour
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Sets service image path in registry
IcedID, BokBot
suricata: ET MALWARE Win32/IcedID Request Cookie
Malware Config
C2 Extraction:
hdtrenity.com
Unpacked files
SH256 hash:
3387724e5c52e03964904747a605304f0677f8adb519a3c276548971fead152e
MD5 hash:
fe1f75a85aeccbb6a4798b548e3f8ec7
SHA1 hash:
6e1b5814a07c4b4850eb6603924549f4b68de333
Link:
https://www.unpac.me/results/120f9e1f-cccc-4c4e-b581-b65152efa7f9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3387724e5c52e03964904747a605304f0677f8adb519a3c276548971fead152e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:crime_win64_bazarloader_packed_sep21
Create hunting rule
Author:Rony (@r0ny_123)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/229390/

Comments