MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69f96e1f1546fe08d6d01e17a7d85ef00b5866dff033906c7883d769d1305c51. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 69f96e1f1546fe08d6d01e17a7d85ef00b5866dff033906c7883d769d1305c51
SHA3-384 hash: 8918b16debe7568a0a24187efb16dcead363da124d4d67b8c2780f2c4ce423d7245482a52680192363f6c664f595bc0f
SHA1 hash: 39bc2786444dbcf4a821dfcd1b3112affb17cc6f
MD5 hash: a2022c9b7123a87584ed06988c38b7c2
humanhash: fillet-thirteen-stream-oven
File name:Ixuanlsr.kNu
Download: download sample
Signature IcedID
Create hunting rule
File size:56'320 bytes
First seen:2022-07-11 17:20:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 1536:X4U9n2bKNJKR6Os+rOo5qgn+gtTkiHhKC:39n2bKNG6f6Oalkio
Threatray 405 similar samples on MalwareBazaar
TLSH T182438C69E88834D6D56D41B6C6427DAA323277958ED9CCCAD028BEE312A3F31FF05741
TrID 33.6% (.EXE) OS/2 Executable (generic) (2029/13)
33.1% (.EXE) Generic Win/DOS Executable (2002/3)
33.1% (.EXE) DOS Executable Generic (2000/1)
Reporter pr0xylife
Tags:exe IcedID

Intelligence

File Origin
# of uploads :
1
# of downloads :
360
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Ixuanlsr.kNu
Verdict:
No threats detected
Analysis date:
2022-07-11 17:30:16 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ab8a5d78-86a6-4185-85a8-6f4049abdf3b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
IcedIDLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/286349/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/62cc5c438cb06ef4b09f9e2b/reports/17e00b88-4b1f-4e1b-8444-26481e1e1d81/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
IcedID
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3de3337e-2378-4e08-83f8-63aa0b00a5bf
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1028809
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
System process connects to network (likely due to code injection or exploit)
Tries to detect virtualization through RDTSC time measurements
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/69f96e1f1546fe08d6d01e17a7d85ef00b5866dff033906c7883d769d1305c51/
Threat name:
Win64.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2022-07-11 17:21:07 UTC
File Type:
PE+ (Dll)
AV detection:
17 of 26 (65.38%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nh4w4hyvi37arvwqdyl2pwc66afvqzw76azza3dyqplwtujqlriq._file
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
0581f0bf260a11a5662d58b99a82ec756c9365613833bce8f102ec1235a7d4f7
IcedID
0a497cdeb92189e1611c15669897de70e8aed2be2484346686252bea387abfa4
IcedID
3dfe63d2c9a7e2f848d2f92171cc577158318b4e9cb62e74ec603be84ba13109
IcedID
4b312a119321503383fbf9aaf65659046656096a7551d5a581f5cbb0055493c3
IcedID
670790c8b4649865ef391bac63417c00ffbaa203c5df36d6c9720832b0949dcb
IcedID
7be9d46382e6b03c2d29f85755e10fdc755a91c7d646331214a3717c8259f120
IcedID
8984e4727dd38e331697ffa9b3590c936d467735177ea842fa073e025ee85c5c
IcedID
eab862ecee5838fc497a89431ad921e8351da2f4f90cbcb7752a2e40109975a7
IcedID
fd0e07ec492cb76abaca206083a13f5cad0a3ed563495c852f13b4876e63974c
IcedID
+ 395 additional samples on MalwareBazaar
Result
Malware family:
icedid
Create hunting rule
Score:
  10/10
Tags:
family:icedid campaign:177045904 banker loader suricata trojan
Link:
https://tria.ge/reports/220711-vwzghsdfc9/
Behaviour
Suspicious behavior: EnumeratesProcesses
Blocklisted process makes network request
IcedID, BokBot
suricata: ET MALWARE Win32/IcedID Request Cookie
Malware Config
C2 Extraction:
blionarywesta.com
Unpacked files
SH256 hash:
69f96e1f1546fe08d6d01e17a7d85ef00b5866dff033906c7883d769d1305c51
MD5 hash:
a2022c9b7123a87584ed06988c38b7c2
SHA1 hash:
39bc2786444dbcf4a821dfcd1b3112affb17cc6f
Link:
https://www.unpac.me/results/b95d3d95-9382-4676-9e2a-3a1cfb37c005/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/69f96e1f1546fe08d6d01e17a7d85ef00b5866dff033906c7883d769d1305c51

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SPLCrypt
Create hunting rule
Author:James Quinn, Binary Defense
Description:Identifies SPLCrypt, a new crypter associated with Bazaloader

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/286349/

Comments