MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 370e88365578673166f376e689603efdc9cff084df9f36ca3a7e96068f1e16b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



IcedID


Vendor detections: 8



SHA256 hash: 370e88365578673166f376e689603efdc9cff084df9f36ca3a7e96068f1e16b1
SHA3-384 hash: 31d88ac8fd1ffc19be27a071329de11bddabf8ade4c31a87f10485e41aa7ee17f8c208feb0caae30351e00102d4f2a1e
SHA1 hash: a9357dabbd3530b3629b57cc67fb8b7067451f52
MD5 hash: 4b5bfea94ebec929317edec2b119cc7c
humanhash: yankee-dakota-solar-twelve
File name: Scan_Doc_07-26(347).pdf
Signature: IcedID
File size: 136'999 bytes
First seen: 2023-07-26 15:50:26 UTC
Last seen: Never
File type: pdf
MIME type: application/pdf
ssdeep: 3072:oRkHxP3w+goZw1+TgIf9n9qZHxreZGf5feizv6h/F1WXDS:5HxPsoGkvgHrOGRfeP/F1WTS
TLSH: T1C8D312C7D57F8D0DE96E993EC47998870BFB56352ECCB3B07E1488C65C44A40AA419F8
Reporter: k3dg3___
Tags: 3297324279 IcedID pdf pw-524 pw_524

Intelligence


File Origin
# of uploads: 1
# of downloads: 431
Origin country: US
Vendor Threat Intelligence
Label: Benign
Suspicious Score: /10
Score Malicious: 1%
Score Benign: 99%

Result
Verdict: MALICIOUS
Details
Document With Few Pages: Document contains between one and three pages of content. Most malicious documents are sparse in page count.
IPv4 Dotted Quad URL: A URL was detected referencing a direct IP address, as opposed to a domain name.

Result
Threat name: n/a
Detection: malicious
Classification: n/a
Score: 60 / 100
Signature
Found potential malicious PDF (bad image similarity)
Multi AV Scanner detection for submitted file
Potential malicious clickable URLs found in PDF

Threat name: Document-PDF.Phishing.Generic
Status: Malicious
First seen: 2023-07-26 15:51:07 UTC
File Type: Document
Extracted files: 2
AV detection: 3 of 38 (7.89%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

IcedID

pdf 370e88365578673166f376e689603efdc9cff084df9f36ca3a7e96068f1e16b1 (this sample)

Delivery method: Distributed via e-mail attachment
