MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f5864e2fafc9c7cadafbd0cb763c284f4fa15d0fcdd713984f094cb0dd0a15a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IcedID

Vendor detections: 7

SHA256 hash: 7f5864e2fafc9c7cadafbd0cb763c284f4fa15d0fcdd713984f094cb0dd0a15a
SHA3-384 hash: f9a558efa3963297ac86496a751f9bf7b8e9d5dab5cf845465dc440ec078d8c65d89002b746bfdc355ea35226f080df7
SHA1 hash: a3b677e03bbb4e3fafbe3b0fcc151144b4ce986d
MD5 hash: 93a25f911c3052aacd13f6720c0d7ae1
humanhash: five-carolina-ohio-august
File name: Invoice_Docs_01-17#41.pdf
Signature: IcedID
File size: 56'058 bytes
First seen: 2023-01-17 15:32:25 UTC
Last seen: Never
File type: pdf
MIME type: application/pdf
ssdeep: 1536:tCnOx0p0hGMiaL/omb1QOlM7a3TqVTstY81LLLLLai7QEdABO:tCnOx0C42bKOa7a2gY81LLLLLai7QE6U
TLSH: T14843CE86AD891E84DEFEABF00457A643C5497A22CE93FE704E724DB0F594F0D8A43785
Reporter: pr0xylife
Tags: 1354268219, IcedID, pdf

Intelligence

File Origin
# of uploads: 1
# of downloads: 420
Origin country: CL

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: icedid

Label: Benign
Suspicious Score: 3/10
Score Malicious: 3%
Score Benign: 97%

Result
Verdict: UNKNOWN
Details: Document With Few Pages
Document contains between one and three pages of content. Most malicious documents are sparse in page count.

Result
Threat name: Qbot Downloader
Detection: malicious
Classification: spre.troj
Score: 60 / 100
Signature:
    C2 URLs / IPs found in malware configuration
    Found potential malicious PDF (bad image similarity)
    Yara detected Qbot Downloader
Behaviour
Behavior Graph ID: 785941
Sample: Invoice_Docs_01-17#41.pdf
Startdate: 17/01/2023
Architecture: WINDOWS
Score: 60
Signatures: Found potential malicious PDF (bad image similarity); Yara detected Qbot Downloader; C2 URLs / IPs found in malware configuration
Process tree: AcroRd32.exe -> chrome.exe, RdrCEF.exe; chrome.exe -> unarchiver.exe, chrome.exe; unarchiver.exe -> 7za.exe -> conhost.exe
Network: chrome.exe -> 239.255.255.250 (unknown, Reserved); RdrCEF.exe -> 192.168.2.1 (unknown); chrome.exe -> accounts.google.com 142.250.180.173:443 (GOOGLEUS, United States), clients.l.google.com 142.250.184.46:443 (GOOGLEUS, United States), and 3 other IPs or domains
Threat name: Document-PDF.Trojan.IcedID
Status: Malicious
First seen: 2023-01-17 15:33:06 UTC
File Type: Document
Extracted files: 3
AV detection: 8 of 26 (30.77%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments