MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4fe56d88c1170a3d0e025b9d8f7939139a7618b3868eb993037c6e3b52d9d501. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IceXLoader


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4fe56d88c1170a3d0e025b9d8f7939139a7618b3868eb993037c6e3b52d9d501
SHA3-384 hash: 1ddfc74cf2b07ac83672a39f95aae60350098a5a894f36522acdf7008c66df8d6c712f9d803baa692c25dcc663a1e606
SHA1 hash: 61a664a064c55cd5c8341fa7a69e94c35d7efd57
MD5 hash: 19f8e6a0242f95219a6f8c4c45061440
humanhash: pennsylvania-black-ink-lake
File name:4fe56d88c1170a3d0e025b9d8f7939139a7618b3868eb993037c6e3b52d9d501.bin
Download: download sample
Signature IceXLoader
Create hunting rule
File size:356'148 bytes
First seen:2022-06-20 17:54:10 UTC
Last seen:2022-06-20 18:43:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ddb8da8ce9f6d7c99471e82a46c98901 (11 x IceXLoader)
ssdeep 6144:ehf/YQgkZgtMYORbAB9lIhHY1yVQhAyPll/s:ehBT4MtAIu1yVQhAyPll/s
Threatray 2 similar samples on MalwareBazaar
TLSH T197744A45EB918CBAC921633B89C7D277623CBAF44763DB476E251934EA132E15FC9302
TrID 33.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
21.3% (.EXE) Win64 Executable (generic) (10523/12/4)
13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
10.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.1% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter Arkbird_SOLG
Tags:exe IceXLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
316
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/281719/
Detection(s):
SecuriteInfo.com.Variant.Fragtor.93452.16854.28095.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/22088/overview
Behaviour
MalwareBazaar
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug anti-vm evasive overlay spyeye
Link:
https://www.filescan.io/uploads/62b0b47ed37f6643508ef073/reports/e3b6fc6c-b847-4f19-9bd3-b1fcdca53b83/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5b237003-7bf4-4967-aaf4-04f0f4d0dcfa
Result
Threat name:
IceXLoader
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1016566
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected IceXLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4fe56d88c1170a3d0e025b9d8f7939139a7618b3868eb993037c6e3b52d9d501/
Threat name:
Win32.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2022-06-10 20:04:00 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
22 of 26 (84.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=j7sw3cgbc4fd2dqclooy66jzconhmgftq2hlteydprxdwuwz2uaq._file
Verdict:
malicious
Similar samples:
4c26dbee513067e6d327e4b336b29992fd5270a0a8ecd1e9571378a3fb0bdc60
IceXLoader
6d98c8bdb20a85ef44677f3e7eed32c9fee0c18354e3365c28e11cb6130a8794
IceXLoader
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220620-whe2dsbaf2/
Unpacked files
SH256 hash:
4fe56d88c1170a3d0e025b9d8f7939139a7618b3868eb993037c6e3b52d9d501
MD5 hash:
19f8e6a0242f95219a6f8c4c45061440
SHA1 hash:
61a664a064c55cd5c8341fa7a69e94c35d7efd57
Link:
https://www.unpac.me/results/b84fe839-b029-40ff-adde-d7467737ca7a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
Link:
https://yomi.yoroi.company/submissions/4fe56d88c1170a3d0e025b9d8f7939139a7618b3868eb993037c6e3b52d9d501

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:exploit_any_poppopret
Create hunting rule
Author:Jeff White [karttoon@gmail.com] @noottrak
Description:Identify POP -> POP -> RET opcodes for quick ROP Gadget creation in target binaries.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/281719/

Comments