MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 501c05b11d90bbcc5b9439a41a66f9a4e1704447f795ce336492eb5e25c4ef8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 501c05b11d90bbcc5b9439a41a66f9a4e1704447f795ce336492eb5e25c4ef8a
SHA3-384 hash: 037d8a67517e79afa2d597e1d35139c48b2b54d7d2c7cd09ae056e76b9f43c8ef768cddcc4901c111294ba4084ef8a14
SHA1 hash: 5c8b878a1a8a19d4f2fbd00d142505a547d3487e
MD5 hash: 1d493193d6b05687fcbc451c26117559
humanhash: alanine-kitten-august-sink
File name:Kiroepdn3.dll
Download: download sample
Signature IcedID
Create hunting rule
File size:272'896 bytes
First seen:2022-08-23 23:24:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 6144:2yMA65xGTqZfA5B5ncFWfUnISzJ0fC7zyiyZttS7:2VrGTqVM5cFW962K/yiyd
Threatray 115 similar samples on MalwareBazaar
TLSH T16C442920F383D1D7D85914358585BCDA1232AD51AFCDDFCE8B607FE21922A62EB1DE06
TrID 33.6% (.EXE) OS/2 Executable (generic) (2029/13)
33.1% (.EXE) Generic Win/DOS Executable (2002/3)
33.1% (.EXE) DOS Executable Generic (2000/1)
Reporter malware_traffic
Tags:64-bit BokBot dll exe IcedID


Avatar
malware_traffic
File location: C:\Users\[username]\AppData\Roaming\[username]\[username]\Kiroepdn3.dll
File description: 64-bit persistent DLL for IcedID
Run method: rundll32.exe [filename],#1 --tapeeb="[path to license.dat]"

Intelligence

File Origin
# of uploads :
1
# of downloads :
403
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Kiroepdn3.dll
Verdict:
No threats detected
Analysis date:
2022-08-23 23:26:28 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/75852a4a-2ba1-484a-a245-6856f41b7a38

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/300681/
Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/63056247c9bbd990978cd302/reports/077366bb-86d2-4b50-a58a-b1986a03959c/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
IcedID
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ca71cd08-d85b-48b2-bb89-bdf4127d39f0
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1056660
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 689177 Sample: Kiroepdn3.dll Startdate: 24/08/2022 Architecture: WINDOWS Score: 76 19 Multi AV Scanner detection for domain / URL 2->19 21 Malicious sample detected (through community Yara rule) 2->21 23 Antivirus detection for URL or domain 2->23 25 2 other signatures 2->25 7 loaddll64.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 rundll32.exe 7->11         started        13 rundll32.exe 7->13         started        15 6 other processes 7->15 process5 17 rundll32.exe 9->17         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/501c05b11d90bbcc5b9439a41a66f9a4e1704447f795ce336492eb5e25c4ef8a/
Threat name:
Win64.Trojan.IcedID
Create hunting rule
Status:
Suspicious
First seen:
2022-08-23 23:25:08 UTC
File Type:
PE+ (Dll)
Extracted files:
1
AV detection:
7 of 26 (26.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kaoalmi5sc54yw4uhgsbuzxzutqxarch66k44m3eslvv4joe56fa._file
Verdict:
unknown
Similar samples:
21ac934d3aa98d29e784fa39d9264c307ade550a7dd43294bf386d46fd6a8218
IcedID
2a640c29784cbbd0596f891d0441ca6eee93df6fac2099458d119cceeaa319cd
IcedID
302c3947f06cbc4cac187f9ec7ae4e24e19633667d009ff1ac44e807cf5f4ace
IcedID
5f475220b444b81a9a18bc08f4c67a63d6c4bc3a2ebd9ff3b1cb90434e539335
IcedID
78bfb7e237882d6ccb83e4e70ffd9f1f06cd834eddeb792108352c257b719b4a
IcedID
7d0f80026a49bdc5c9e6b6bb614b37a9edbb0ca50127c7078ff52d4fc729afa8
IcedID
8a27d6d4ebe9d3952090f40e744665afc1fbd5c92cb85fbc2a87c3577864daad
IcedID
8d8c3b2faad41e9ab9f51921a9f255c5c5010ab8adc2fdb77a0aa04572dda0c2
IcedID
be5f53f3c41671c23e00ce8665c75ffd1ce170fd0e098309417d009013b51f2d
IcedID
ce82d4823d35d70b941eed97aad3a8d3dd271a0f64963e3344d0efc7ab3ab298
IcedID
+ 105 additional samples on MalwareBazaar
Result
Malware family:
icedid
Create hunting rule
Score:
  10/10
Tags:
family:icedid botnet:1573268852 banker core_loader trojan
Link:
https://tria.ge/reports/220823-3d95asebc6/
Behaviour
IcedID, BokBot
Malware Config
C2 Extraction:
peranistaer.top
gruvihabralo.nl
klareqvino.com
ultomductingbig.pro
Unpacked files
SH256 hash:
501c05b11d90bbcc5b9439a41a66f9a4e1704447f795ce336492eb5e25c4ef8a
MD5 hash:
1d493193d6b05687fcbc451c26117559
SHA1 hash:
5c8b878a1a8a19d4f2fbd00d142505a547d3487e
Link:
https://www.unpac.me/results/d3bdd66c-2f83-4577-a70b-8328d186f9d3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/501c05b11d90bbcc5b9439a41a66f9a4e1704447f795ce336492eb5e25c4ef8a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/300681/

Comments