MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76cd290b236b11bd18d81e75e41682208e4c0a5701ce7834a9e289ea9e06eb7e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 76cd290b236b11bd18d81e75e41682208e4c0a5701ce7834a9e289ea9e06eb7e
SHA3-384 hash: 2bbab5c413bfb62a32b5c975f2726a05b428f742af6cb24089cac9c1c9da046e74e7c18a1882015c6dcc709e1c85d2ba
SHA1 hash: 1078744833050626e9681c7c233c3a0963a0b559
MD5 hash: 17091a1e444f306b928d69f2b905bc8b
humanhash: louisiana-xray-burger-charlie
File name:76cd290b236b11bd18d81e75e41682208e4c0a5701ce7834a9e289ea9e06eb7e.bin
Download: download sample
Signature IcedID
Create hunting rule
File size:145'920 bytes
First seen:2020-12-17 12:43:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d41be9e7a4fb60157a30e16a86918a29 (1 x IcedID)
ssdeep 3072:ba8SY43/m5E+dynrtyZkishPxmjQIhWv:ba5Yye5Efnx9hPxmMzv
Threatray 1'111 similar samples on MalwareBazaar
TLSH 89E3E4D03BEDB061F4620DF9F8EC99D3C32AF95187EC4B472267064DDD2C1903A266A6
Reporter w00tw00t
Tags:exe IcedID

Intelligence

File Origin
# of uploads :
1
# of downloads :
454
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
iced-new.exe
Verdict:
No threats detected
Analysis date:
2020-10-14 17:30:21 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/3b6e46b9-552c-41bf-b366-46ce19f29811

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
DNS request
Connection attempt
Connection attempt to an infection source
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/565365
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
Detection:
icedid
Create hunting rule
Link:
https://mwdb.cert.pl/sample/76cd290b236b11bd18d81e75e41682208e4c0a5701ce7834a9e289ea9e06eb7e/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-03-24 03:06:00 UTC
AV detection:
18 of 30 (60.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=o3gssczdnmi32ggydz26ifucecheycsxahhhqnfj4ke6vhqg5n7a._file
Verdict:
malicious
Label(s):
icedid
Create hunting rule
gozi
Create hunting rule
Similar samples:
030f401b5700b52968d0d56fee502ca3072afea5700b4ecc852a455542a0831e
IcedID
1867edbdddd1b3ec5b831129d8416ac88ea638aa8402ddad705443fd31685741
IcedID
1f2b1a13bd2dee7118924867dad18a52ee01eeb8e58876aba3fa286952a719e3
IcedID
23f14c6d4e67277d5f9c6399db22e269759359589d8add6433bfbb164ce7c743
IcedID
34df14f18fdb53d532226445a9224bc75053434bfb7ee03e7e874aebb1fba330
IcedID
485061e24c5e3049536ad009f102ece88305434e636853213de6ebd972af80a1
IcedID
53a0d8307c255d98fe69bb2f915404b4f1e349bbfa1b05c3cbef54d4068bee8e
IcedID
8ab108a4fdab1cf0548ea2044a616b5db7cf70a2d97c48618fc97360668d84c2
IcedID
cc23b2c266be48d98a801a78b089fcfd3a6da68d3885965557ae9a81e94a8e4b
IcedID
d14a877a9a654853d5bdaf8c56192a42dabde4694e4ee49b294d969044f2abb9
IcedID
+ 1'101 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201217-ghp1yxjjnn/
Unpacked files
SH256 hash:
76cd290b236b11bd18d81e75e41682208e4c0a5701ce7834a9e289ea9e06eb7e
MD5 hash:
17091a1e444f306b928d69f2b905bc8b
SHA1 hash:
1078744833050626e9681c7c233c3a0963a0b559
Link:
https://www.unpac.me/results/6baabf6f-7141-4fbf-a7e0-1801e8810b55/
SH256 hash:
38aa2933aacc209e866b398321132423ae13ef9a49fe4b1a2813d934ca471d25
MD5 hash:
21dd005162c62af26f3f59e2ebcb345c
SHA1 hash:
4623de2d7f93e4710a28ed8bf1f8ab95ec7a50ce
Link:
https://www.unpac.me/results/6baabf6f-7141-4fbf-a7e0-1801e8810b55/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
IcedID
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/76cd290b236b11bd18d81e75e41682208e4c0a5701ce7834a9e289ea9e06eb7e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:crime_win32_banker_iceid_ldr1
Create hunting rule
Author:@VK_Intel
Description:Detects IcedId/BokBot png loader (unpacked)
Reference:twitter

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments