MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66241149fd6ac0ec6bac32141748a8b5a1b0cd1610bd2687cae0c2cfa671945f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 66241149fd6ac0ec6bac32141748a8b5a1b0cd1610bd2687cae0c2cfa671945f
SHA3-384 hash: 7bd3b6a9282b585fc3b4abf9a6d2c66847fddd725fbf412e1541ddef1a574591ea0f8a3dba7224320d0db283d56cdfbb
SHA1 hash: 62c298381030c807e79ba788b35da39c9ec9eff7
MD5 hash: 833193115b21757cfd256bcb064c5a26
humanhash: october-oklahoma-single-eight
File name:apple.png.jpg
Download: download sample
Signature IcedID
Create hunting rule
File size:329'728 bytes
First seen:2023-02-08 15:12:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 54274b0fcb0b5b59b8f4717640e7cdaf (1 x IcedID)
ssdeep 6144:vY8Rf3XeWBNjIAo1SnT/QTULpFZohRIas:vY8RveWBNjwsT/QioT
Threatray 2'774 similar samples on MalwareBazaar
TLSH T14E646B09B2A550F8E173A13C89675906D7F2F8254770DAEF13B0421A7F377D0AA3AB61
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter pr0xylife
Tags:exe IcedID

Intelligence

File Origin
# of uploads :
1
# of downloads :
245
Origin country :
IE IE
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
apple.png.jpg
Verdict:
No threats detected
Analysis date:
2023-02-08 15:13:08 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/eb562483-f153-4766-865d-30a4a04a54c1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/362037/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Verdict:
No Threat
Threat level:
  2/10
Confidence:
67%
Tags:
greyware shell32.dll
Link:
https://www.filescan.io/uploads/63e3bbfffc49e4bf1c3182d1/reports/daf8b2d1-68ab-4ab9-a5f3-140da44c3a8f/overview
Verdict:
Malicious
Labled as:
VirTool/W64.Obfuscator
Link:
https://www.hybrid-analysis.com/sample/66241149fd6ac0ec6bac32141748a8b5a1b0cd1610bd2687cae0c2cfa671945f
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/b29a8417-05ad-4632-8d7a-c896285c856d
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1169048
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Sigma detected: Execute DLL with spoofed extension
System process connects to network (likely due to code injection or exploit)
Tries to detect virtualization through RDTSC time measurements
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/66241149fd6ac0ec6bac32141748a8b5a1b0cd1610bd2687cae0c2cfa671945f/
Threat name:
Win64.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2023-02-08 15:13:05 UTC
File Type:
PE+ (Dll)
Extracted files:
6
AV detection:
19 of 26 (73.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mysbcsp5nlaoy25mgikbosfiwwq3btiwcc6snb6k4dbm7jtrsrpq._file
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
05a3a84096bcdc2a5cf87d07ede96aff7fd5037679f9585fee9a227c0d9cbf51
IcedID
21249ce24600b1feac26a2a9883f3c6de299681a924be281630bc3869f0f4044
IcedID
52ceb2e476f5ba13ad4d56c5292d8c97cff9c24967b54fa7a50cc2a333f2527d
IcedID
923715af8f2e49242e18210c143ffd69300cdf675f61ae33c2f2fcbab6df07e2
IcedID
c58b13dc51e572ec288d97aa255d55884d7418466b8381afd1a4278a0be87427
IcedID
f33c98f80a5d4647e5a0e5bc2a950d0aa99d0b14ed85467238b384f5e4e8f9e1
IcedID
fbad60002286599ca06d0ecb3624740efbf13ee5fda545341b3e0bf4d5348cfe
IcedID
+ 2'764 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230208-slqqhsca93/
Unpacked files
SH256 hash:
66241149fd6ac0ec6bac32141748a8b5a1b0cd1610bd2687cae0c2cfa671945f
MD5 hash:
833193115b21757cfd256bcb064c5a26
SHA1 hash:
62c298381030c807e79ba788b35da39c9ec9eff7
Link:
https://www.unpac.me/results/b97c6f05-f622-4fc2-91eb-8cd486bf1fae/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/66241149fd6ac0ec6bac32141748a8b5a1b0cd1610bd2687cae0c2cfa671945f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

IcedID

Microsoft OneNote (one) one ea3de7e7f4c2b293a98e568251dd7f36c4e199586df33f3140164d347fd8f122

IcedID

Executable exe 66241149fd6ac0ec6bac32141748a8b5a1b0cd1610bd2687cae0c2cfa671945f

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/362037/
  
Dropped by
SHA256 ea3de7e7f4c2b293a98e568251dd7f36c4e199586df33f3140164d347fd8f122
  
Dropped by
MD5 5aae5ce999ebbbdbb1f296a7681ba337

Comments