MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 437593520bc826331731c5f879a4f2f85720801e6eefb6a9f8180711630b56dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 437593520bc826331731c5f879a4f2f85720801e6eefb6a9f8180711630b56dd
SHA3-384 hash: 41974e7675f2ed200f877f0c2423dd86b3c87c30e11b954e3000f850c34efb1e61d4c539a618935dbb1d12e41160a94d
SHA1 hash: d0ae5672ef5aac051d1a845ee5968396258b7e4c
MD5 hash: 87fffe8fbc029f03f158087b36db8629
humanhash: carolina-social-lemon-beryllium
File name:437593520bc826331731c5f879a4f2f85720801e6eefb6a9f8180711630b56dd
Download: download sample
Signature IcedID
Create hunting rule
File size:622'225 bytes
First seen:2022-02-09 16:43:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 01f87ec9e1e36146b71b7ffce4fd5fa9 (20 x IcedID)
ssdeep 12288:FTsor70Aeojgc4+o07OCi6HY7FpW0zm0pF:FTXjeojgc4+lDZY5pF
Threatray 182 similar samples on MalwareBazaar
TLSH T1DAD4AF39636507B5E0739434C9734943C6F17CB117B095EBA3A1325A0E3BFE5A63AB22
Reporter malwarelabnet
Tags:exe IcedID

Intelligence

File Origin
# of uploads :
1
# of downloads :
364
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/239744/
Detection(s):
SecuriteInfo.com.VHO.Trojan.Win32.Sdum.gen.11852.3673.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
DNS request
Sending an HTTP GET request
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/6549/overview
Behaviour
MeasuringTime
SystemUptime
CheckCmdLine
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe greyware overlay packed
Link:
https://www.filescan.io/uploads/6203ef60c649d4049451c959/reports/7fba5cbb-04d1-40e8-8fdd-88f0c36d9025/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a011fbef-d88e-455e-8c42-fe5780190b9f
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/937067
Signature
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 569547 Sample: AoSGMkPtaG Startdate: 09/02/2022 Architecture: WINDOWS Score: 60 19 Multi AV Scanner detection for submitted file 2->19 21 Yara detected IcedID 2->21 23 Sigma detected: Suspicious Call by Ordinal 2->23 7 loaddll64.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 rundll32.exe 7->11         started        13 rundll32.exe 7->13         started        15 2 other processes 7->15 process5 17 rundll32.exe 9->17         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/437593520bc826331731c5f879a4f2f85720801e6eefb6a9f8180711630b56dd/
Threat name:
Win64.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2022-02-09 16:44:10 UTC
File Type:
PE+ (Dll)
Extracted files:
7
AV detection:
19 of 27 (70.37%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
0407d4283508af13a9616360c14796030d3e5669af0aca60c99ac11df3555a74
IcedID
1b09fe2663baafee1ee17274c69ab41c98c6bfa1fd606bf75a40fa2756ff0f32
IcedID
326240f8452d146c9296987a3d8e0e030e8284b5b2282dd18e8edb24cfc5f738
IcedID
3317bb0f6350fcafa46c50971b15f4904bfa1e7eca3ad1d01dfce96b6a3be699
IcedID
77a48406e75b59187008d6d2cc1f2ee49efb80daf9be762d2038a6295a0e1cb7
IcedID
7e58885d64fe5f8fc4e9cde9822d78ddfd2f2cb514947a8b06468a9e96819e8b
IcedID
9a14d0ece36e1e9b50db6d65b6ae4306e28b309b7f2dda80daa831ee70118ba6
IcedID
e9a9233d64bd7c0ebab2f33ddece6ea0a97d8bd7ed45f9a43ef58557fd05e819
IcedID
eefc3f9adac700e0282849c294ac9dc7b6ef7caee0bad4ac88b9cd1f2d48bf34
IcedID
f223e9c1404a6de25b007fd7970afb881d6e47c6b609fcbc8fd7e3299cf15843
IcedID
+ 172 additional samples on MalwareBazaar
Result
Malware family:
icedid
Create hunting rule
Score:
  10/10
Tags:
family:icedid campaign:1732687004 banker trojan
Link:
https://tria.ge/reports/220209-t8tlcsahg9/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
IcedID, BokBot
Malware Config
C2 Extraction:
keepfootbal.com
Unpacked files
SH256 hash:
437593520bc826331731c5f879a4f2f85720801e6eefb6a9f8180711630b56dd
MD5 hash:
87fffe8fbc029f03f158087b36db8629
SHA1 hash:
d0ae5672ef5aac051d1a845ee5968396258b7e4c
Link:
https://www.unpac.me/results/9e65a127-59c8-4a1f-a3f2-54458ba99bb7/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/239744/

Comments