MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 503c06baa3c5e26f48acc637842e04bc30248c40adef3ee809cc0292cb8e4cc0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 5


Intelligence 5 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 503c06baa3c5e26f48acc637842e04bc30248c40adef3ee809cc0292cb8e4cc0
SHA3-384 hash: 255ff531a343d0c2a16892e3355d1d821055a2d35faad7e467a21a4055b16d5cb6428bec3366a0b064c7ce389b57f06c
SHA1 hash: df4d8891be56d7f361c8daceb376bac5c76d1a1d
MD5 hash: 090696452f94eed7cb11df5087af86c8
humanhash: eight-april-four-nineteen
File name:data.exe
Download: download sample
Signature IcedID
Create hunting rule
File size:319'488 bytes
First seen:2020-06-10 21:59:43 UTC
Last seen:2020-06-10 22:41:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9a3ce1f55fffd7d86fadd606dfba3377 (1 x IcedID)
ssdeep 6144:IiZyB3eiVQNR6Q3Yr1t/YMv6+X1mXQ3UwTAEmh3TjdFO:z6QIBtA+1mA3HHmp
Threatray 418 similar samples on MalwareBazaar
TLSH D4649D02B3E1C0B6E6A356320FE29B72A3BDFE514D7597076391BB1DAD306C19936312
Reporter James_inthe_box
Tags:exe IcedID

Intelligence

File Origin
# of uploads :
2
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
IcedID
Create hunting rule
Link:
https://www.capesandbox.com/analysis/7693/
Detection(s):
PUA.Win.Packer.Armadillo-65
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 17:50:39 UTC
File Type:
PE (Exe)
Extracted files:
40
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
1fbede7e5ad40bf07aec1ad11f6fc4203c2cf2236c95dd5e81be4c742166054a
IcedID
33ee572238490c5fb2b183ebcbeeb67602dd1578aa2b8a4d189a735adc82d101
IcedID
7080a3f1e096628a4b498fba078b2bc9cb3706145e0770de5f43108daa28b0aa
IcedID
7be97a8a8b5d1998868aeff9f0deba54482cd4c0d220423ed1f0ae3eb1442c27
IcedID
8b282e9e0af37774a537540971ffc1aa49fffc3279d630bf11cd7a3ef54083f0
IcedID
9855e6cab6dc7b89aa792aafd85bf39ac186954964427fc6e4c236a0a613d8e4
IcedID
b742590b8b2d11205f4993f167f602b7f47b8ac07d5661bfd2ac336c9e7d750d
IcedID
b9689def990ba4d8db5f260e373c7ccd442ce09b468af9d97a906cfda1863826
IcedID
c6fb63b8f9923126a10d8cdc2f8cdd5fb0ac2b5c76ffe41d8618f16097f31fce
IcedID
e13cd3e0597f4b7a641177eb56d8b1302490c06472a344d1663cd319fcae58cf
IcedID
+ 408 additional samples on MalwareBazaar
Result
Malware family:
icedid
Create hunting rule
Score:
  10/10
Tags:
family:icedid banker trojan
Link:
https://tria.ge/reports/201109-73ft2rmhf2/
Behaviour
Modifies system certificate store
Suspicious use of SetWindowsHookEx
IcedID First Stage Loader
IcedID, BokBot
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Cobalt_functions
Create hunting rule
Author:@j0sm1
Description:Detect functions coded with ROR edi,D; Detect CobaltStrike used by differents groups APT
Rule name:IceID_Bank_trojan
Create hunting rule
Author:unixfreaxjp
Description:Detects IcedID..adjusted several times

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/7693/
  
URLhaus
https://urlhaus.abuse.ch/url/386399/

Comments