MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d3eb542453ede693e6883aea44045d6d191d47a2751a4e6e6aea43a9d750c08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5d3eb542453ede693e6883aea44045d6d191d47a2751a4e6e6aea43a9d750c08
SHA3-384 hash: 599001efaf7f11f5ee91188b76a159c7f7562620ae0d18c9062a1ed0d66c412d6fb877a0d6414a47f3093c842beaa377
SHA1 hash: b0d4e10274dc824125d35ff39ecefd5fb0534514
MD5 hash: 37d28ce5716b95e39af234dd1a99ef4e
humanhash: hamper-aspen-ten-edward
File name:5d3eb542453ede693e6883aea44045d6d191d47a2751a4e6e6aea43a9d750c08
Download: download sample
Signature IcedID
Create hunting rule
File size:620'326 bytes
First seen:2022-02-04 15:08:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 01f87ec9e1e36146b71b7ffce4fd5fa9 (20 x IcedID)
ssdeep 12288:FTsor70Aeojgc4+o07OCi6HY7FpW0zm0pF:FTXjeojgc4+lDZY5pF
Threatray 165 similar samples on MalwareBazaar
TLSH T1EDD4AF39636507B5E0739434C9734943C6F17CB117B095EBA3A1325A0E3BFE5A63AB22
Reporter malwarelabnet
Tags:exe IcedID

Intelligence

File Origin
# of uploads :
1
# of downloads :
295
Origin country :
n/a
Vendor Threat Intelligence
Detection:
IcedIDLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/233049/
Detection(s):
SecuriteInfo.com.VHO.Trojan.Win32.Sdum.gen.4058.21816.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.VHO.Trojan.Win32.Sdum.gen.11852.3673.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
DNS request
Sending an HTTP GET request
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/5999/overview
Behaviour
MeasuringTime
SystemUptime
EvasionGetTickCount
EvasionQueryPerformanceCounter
CheckCmdLine
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/b38fe5b5-917a-4308-b0ba-0fdfde2b97be
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/934033
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Found malware configuration
Sigma detected: Suspicious Call by Ordinal
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 566509 Sample: vnA3gRVPHR Startdate: 04/02/2022 Architecture: WINDOWS Score: 80 19 Found malware configuration 2->19 21 Antivirus detection for URL or domain 2->21 23 Yara detected IcedID 2->23 25 2 other signatures 2->25 7 loaddll64.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 rundll32.exe 7->11         started        13 rundll32.exe 7->13         started        15 2 other processes 7->15 process5 17 rundll32.exe 9->17         started       
Gathering data
Threat name:
Win64.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2022-02-04 15:09:12 UTC
File Type:
PE+ (Dll)
Extracted files:
7
AV detection:
14 of 28 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lu7lkqsfh3pgsptiqoxkiqcf23izdvd2e5i2jzxgv2sdvhlvbqea._file
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
326240f8452d146c9296987a3d8e0e030e8284b5b2282dd18e8edb24cfc5f738
IcedID
32e52d829bbde235d7d00c6c1752f7ee5114de97eee59b22957d0adfab84c9e9
IcedID
4b4ef74c5e07471f8b5d379723d468e378798a49ba5446a71be1b135cae4bf07
IcedID
6cf97e438fd5be6092a4337dc225ce9a134b5afe2c10638ab09deca00589b813
IcedID
6e486da9c8430de910b8d1f3c86b4f1dd787591232f854b3d1d77d39606014cb
IcedID
9a09137e28cc0e5af606db45d95f1fb46e1024129eb065e2d854c7aecda82ba0
IcedID
a61b1d70d469b8ca7acdbd26fc859e6aeb229c4636fe9c92eac856914f326ac8
IcedID
dc4b2b8ee104fee5dcbd7b3cbf4a06de27527cd8a8017f6268eb311cf9226282
IcedID
dd5e4ae90684b88a78ef90c46f1d6329d539348abbc497e0052ee53511b06290
IcedID
e802ba75f63f64018ca2218a04e6a75baeca3e80f1f922db015b3f5973f2ca85
IcedID
+ 155 additional samples on MalwareBazaar
Result
Malware family:
icedid
Create hunting rule
Score:
  10/10
Tags:
family:icedid campaign:1732687004 banker persistence suricata trojan
Link:
https://tria.ge/reports/220204-sjf4asbfdn/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Sets service image path in registry
IcedID, BokBot
suricata: ET MALWARE Win32/IcedID Request Cookie
Malware Config
C2 Extraction:
keepfootbal.com
Unpacked files
SH256 hash:
5d3eb542453ede693e6883aea44045d6d191d47a2751a4e6e6aea43a9d750c08
MD5 hash:
37d28ce5716b95e39af234dd1a99ef4e
SHA1 hash:
b0d4e10274dc824125d35ff39ecefd5fb0534514
Link:
https://www.unpac.me/results/1ef1fbf8-b3ce-44b5-84db-5dba3dea6a49/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5d3eb542453ede693e6883aea44045d6d191d47a2751a4e6e6aea43a9d750c08

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/233049/

Comments