MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 681217e6c8ed3ed37c1312646afb8e0cfe25e6840f461d10a7d9cdd4ffa725cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IcedID

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	681217e6c8ed3ed37c1312646afb8e0cfe25e6840f461d10a7d9cdd4ffa725cb
SHA3-384 hash:	6acaf83d10c23ecaf74cc9c468285006eb31f841f43454d1aacb4a1703ee447567cd25ee6376c4c63d8a002a6b5ed1bc
SHA1 hash:	96f5d75af40b30738c06f78dfb1dd09c485ac513
MD5 hash:	6b8d028370567e717055e49101d460fa
humanhash:	fifteen-artist-yellow-speaker
File name:	O p e n.bat
Download:	download sample
Signature	IcedID Create hunting rule
File size:	1'679 bytes
First seen:	2023-02-21 21:59:21 UTC
Last seen:	Never
File type:	bat
MIME type:	text/plain
ssdeep	48:546vsqjkfhlzextB9xrjRauBwBvo6Bf6Nee85nJJy5+l5nJJxB:7vzoLYBLj/T2ee1nJJrnJJf
Threatray	1'391 similar samples on MalwareBazaar
TLSH	T1DA31CE3F083E9A36B1B7A0EB9B5A3AD15BCDC7B21748EE9C4E010D853F240E50246D05
Reporter	pr0xylife
Tags:	bat IcedID

Intelligence

File Origin

# of uploads :

1

# of downloads :

164

Origin country :

RU

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

Contract_02_21_Copy#909.one

Verdict:

No threats detected

Analysis date:

2023-02-21 22:00:34 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/81b7722b-8734-4b4b-bfb5-a217170011d1

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/368751/

Detection(s):

SecuriteInfo.com.Generic.BAT.Downloader.G.056C5BDF.29503.11942.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

75%

Tags:

packed

Link:

https://www.filescan.io/uploads/63f53ee5d385ee58584e6504/reports/37a3559e-984c-46c1-8ffa-5c7f6f0b956c/overview

Verdict:

Malicious

Labled as:

BAT.Downloader.G.Generic

Link:

https://www.hybrid-analysis.com/sample/681217e6c8ed3ed37c1312646afb8e0cfe25e6840f461d10a7d9cdd4ffa725cb

Result

Verdict:

MALICIOUS

Result

Threat name:

IcedID

Detection:

malicious

Classification:

troj.evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1180131

Signature

Powershell drops PE file

Sigma detected: Execute DLL with spoofed extension

Suspicious powershell command line found

System process connects to network (likely due to code injection or exploit)

Tries to detect virtualization through RDTSC time measurements

Yara detected IcedID

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/681217e6c8ed3ed37c1312646afb8e0cfe25e6840f461d10a7d9cdd4ffa725cb/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2023-02-21 22:00:08 UTC

File Type:

Text (Batch)

AV detection:

3 of 39 (7.69%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=najbpzwi5u7ng7atcjsgv64obt7clzueb5db2efh3hg5j75hexfq._file

Verdict:

malicious

Label(s):

icedid

Similar samples:

168e8a92e64f024346dd703ed9356f4e0bdf7d2130048e68da36291bbc9421a1

1ab812f7d829444dc703eeb02ea0a955ec839d5e2a9b619d44ac09a91135cad1

265c1857ac7c20432f36e3967511f1be0b84b1c52e4867889e367c0b5828a844

2b317f6a1ffc33b390ef0f9ca4c7227c250dc6e46e9eb198e2ef56ce00e0d360

95ad74c1dff5293c49c955a4e77c17e6912c7b8d1fc8f5f4c6f05ac77a56a9ab

99dfb7baafec050861e152a036af86fc0c7663f3c719d58a56dfd9f06f4b8cef

a5f81b3f092a05dc7026957e5d716e5976a38b152d1823ac76b84e189aa4a75b

ca04842f4ead02f9ca4bb59856102b738ce2fb10bf18a4e087284e5a1b4d1380

+ 1'381 additional samples on MalwareBazaar

Result

Malware family:

icedid

Score:

10/10

Tags:

family:icedid campaign:3329953471 banker loader trojan

Link:

https://tria.ge/reports/230221-1wmqlsaf4t/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Loads dropped DLL

Blocklisted process makes network request

Downloads MZ/PE file

IcedID, BokBot

Malware Config

C2 Extraction:

aerilaponawki.com

Malware family:

IcedID

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/681217e6c8ed/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.70

Link:

https://yomi.yoroi.company/submissions/681217e6c8ed3ed37c1312646afb8e0cfe25e6840f461d10a7d9cdd4ffa725cb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/368751/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample