MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d5bc4f497406b59369901b9a79e1e9d1e0a690c0b2e803f4fbfcb391bcfeef1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IcedID

Vendor detections: 11

Intelligence 11 IOCs YARA 2 File information Comments

SHA256 hash:	5d5bc4f497406b59369901b9a79e1e9d1e0a690c0b2e803f4fbfcb391bcfeef1
SHA3-384 hash:	25ebed2ab8af63c4da571ed46e13a161d9e7046b7239c7e9a7726a45f0ef190f67b210f3139e5c5f7fe84d50d2c1342c
SHA1 hash:	59dd3d2477211eb4fcd72b542812a2036fa0e1e8
MD5 hash:	0245e02cbb6ffe2716c2aeb7fb8006d0
humanhash:	stairway-pasta-venus-sixteen
File name:	Feonjuackm.bin
Download:	download sample
Signature	IcedID Create hunting rule
File size:	597'504 bytes
First seen:	2023-10-11 23:45:39 UTC
Last seen:	2023-10-31 16:53:07 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	7ce9e53905dcbbd72b6f2fe3c0459df8 (2 x IcedID)
ssdeep	12288:ujan3B7+2OoGEwYXorDxBDWgyv9cii8VPezCTr:Jn3B7+2OyJo/DWz9cS2zW
Threatray	39 similar samples on MalwareBazaar
TLSH	T1B4D4E05A72E40C79EE738139C9536946E672BC211660E93F03A1475ACF3F390AD3BB21
TrID	48.7% (.EXE) Win64 Executable (generic) (10523/12/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter	JAMESWT_WT
Tags:	exe gestionhqse-com IcedID

Intelligence

File Origin

# of uploads :

# of downloads :

392

Origin country :

Vendor Threat Intelligence

Malware family:

icedid

ID:

File name:

New_Working_Conditions_2023.10.11_08-07.vbs

Verdict:

Malicious activity

Analysis date:

2023-10-11 18:42:23 UTC

Tags:

icedid bokbot loader

Link:

https://app.any.run/tasks/60cb3eae-d6b4-4f66-b114-3aa1a44c6c24

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/453580/

Detection(s):

SecuriteInfo.com.Trojan.MulDrop24.1283.20774.5888.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Creating a file in the %AppData% subdirectories

DNS request

Sending a custom TCP request

Enabling autorun by creating a file

Gathering data

Verdict:

No Threat

Threat level:

10/10

Confidence:

100%

Tags:

control greyware lolbin masquerade packed

Link:

https://www.filescan.io/uploads/652733c2c51de9263e58857e/reports/3c28e4f6-d2e8-4463-8d35-c2c95708c98b/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/5d5bc4f497406b59369901b9a79e1e9d1e0a690c0b2e803f4fbfcb391bcfeef1

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/8b7e39f9-feaa-4861-8bd6-4aa7e824be61

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5d5bc4f497406b59369901b9a79e1e9d1e0a690c0b2e803f4fbfcb391bcfeef1/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lvn4j5exibvvsnuzag42phq6tupau2imbmxiap2px7ftsg6p53yq._file

Verdict:

malicious

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/231011-3scgkscb8y/

Behaviour

Modifies registry class

Uses Task Scheduler COM API

Unpacked files

SH256 hash:

3351db381fab3ae6cb0f8819c471b352ec55fc5aca791d76f17e4ebf11ea6d39

MD5 hash:

78a1c4ffd1e89195b63bcbc1645384e1

SHA1 hash:

3e6e064b36874db5603cd68fe3b3533eff23b76d

Detections:

IcedIDCoreLoaderFork

Link:

https://www.unpac.me/results/c5c7ed57-a625-4ee1-997a-e2e7a157fdf3/

Parent samples :

766653b6e5db8d5ffc46735bc95d73aa75ec2e3776136076f76a1fd6483518c5
5d5bc4f497406b59369901b9a79e1e9d1e0a690c0b2e803f4fbfcb391bcfeef1
f8036b4993d07ca0d117b299c9111370cfbb01c69da2ee831d8064c7f0da899e
66544c0d152db0cd4b46d6571381faafae70ce85f309a7e1990ea1bbb3b99017

SH256 hash:

5d5bc4f497406b59369901b9a79e1e9d1e0a690c0b2e803f4fbfcb391bcfeef1

MD5 hash:

0245e02cbb6ffe2716c2aeb7fb8006d0

SHA1 hash:

59dd3d2477211eb4fcd72b542812a2036fa0e1e8

Link:

https://www.unpac.me/results/c5c7ed57-a625-4ee1-997a-e2e7a157fdf3/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5d5bc4f497406b59369901b9a79e1e9d1e0a690c0b2e803f4fbfcb391bcfeef1

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	TrojanSpy_EMOTET_W4 Create hunting rule
Author:	Ian Kenefick (Trend Micro)
Description:	Emotet x64 Loader

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/453580/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample