MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8301c177db142c3062ed9e7fe6fe2b519d4d184770d9c0689417f5ae4619c4d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 8301c177db142c3062ed9e7fe6fe2b519d4d184770d9c0689417f5ae4619c4d1
SHA3-384 hash: efcd5b517be91665dd93489eda4b9de14e5585988759105e18e26511a79bf0d28050b1f3a8ef1303f6a35e38d528d32a
SHA1 hash: e3a3215821b3a0bf47892cc237267865450d747d
MD5 hash: d65388b6ce2cf9be0187b41de1df0a05
humanhash: uniform-aspen-missouri-montana
File name: ice-32.dat
File size: 3'117'056 bytes
First seen: 2021-02-28 12:51:23 UTC
Last seen: 2021-02-28 14:54:03 UTC
File type: Executable exe (MalwareBazaar's coarse type; the vendor analysis below reports the file as a 64-bit DLL, PE+ (Dll), and the sandbox loaded it through loaddll64.exe, regsvr32.exe and rundll32.exe)
MIME type: application/x-dosexec
imphash: 29534b7037cd4726f1ea1f9461b4a42b
ssdeep: 49152:7IOzHH4TIUbrqctqymwoA0UzYiejSndb94d87v8HdUnlPHybsBATHnWBOZFo:DYTlbrqzyRF0UsiejSn5Wd289UdGTHW+
Threatray: 19 similar samples on MalwareBazaar
TLSH: 50E5F1EE21543758C41A88389437FE04F2B2166E07F5D4AE76CBBAD07B7F8259A01B47
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 2
# of downloads: 710
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: ice-32.dat
Verdict: No threats detected
Analysis date: 2021-02-28 12:58:23 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary may be suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad (evasion)
Score: 56 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Behavior Graph ID: 359640
Sample: ice-32.dat
Startdate: 28/02/2021
Architecture: WINDOWS
Score: 56
Signatures on the sample: Multi AV Scanner detection for submitted file; Machine Learning detection for sample
Process tree:
  loaddll64.exe
    regsvr32.exe (Tries to detect virtualization through RDTSC time measurements)
    rundll32.exe
    cmd.exe
      iexplore.exe
        iexplore.exe
Network (from the child iexplore.exe process, not from the DLL loaders):
  edge.gycpi.b.yahoodns.net 87.248.118.22 port 443 (YAHOO-DEBDE, United Kingdom), local ports 49733, 49734
  tls13.taboola.map.fastly.net 151.101.1.44 port 443 (FASTLYUS, United States), local ports 49735, 49736
  11 other IPs or domains
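The process tree above shows the sandbox's loader process loaddll64.exe handing the file to regsvr32.exe and rundll32.exe, and the file itself carries a .dat extension rather than .dll even though the vendor verdict identifies it as a PE+ DLL. The following is an added detection example, not from this page or from any vendor: it runs a simple rule over constructed process-creation events (Sysmon Event ID 1-style fields; the paths, user name and parent processes are assumptions) and flags regsvr32/rundll32 invocations whose loaded module does not have a conventional library extension.

```python
import re
from typing import List, Optional

# Constructed process-creation events in the shape of Sysmon Event ID 1 fields.
# The ice-32.dat name and the loaddll64 -> regsvr32/rundll32 lineage mirror the
# sandbox graph; the paths and the two benign events are invented for contrast.
EVENTS = [
    {"Image": r"C:\Windows\System32\loaddll64.exe",
     "CommandLine": r'loaddll64.exe "C:\Users\user\Desktop\ice-32.dat"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'regsvr32.exe /s "C:\Users\user\Desktop\ice-32.dat"',
     "ParentImage": r"C:\Windows\System32\loaddll64.exe"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r'rundll32.exe "C:\Users\user\Desktop\ice-32.dat",#1',
     "ParentImage": r"C:\Windows\System32\loaddll64.exe"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Windows\System32\vbscript.dll",
     "ParentImage": r"C:\Windows\System32\msiexec.exe"},
]

DLL_LOADERS = {"regsvr32.exe", "rundll32.exe"}
# Extensions a library handed to these loaders normally carries.
LIBRARY_EXTENSIONS = {".dll", ".ocx", ".cpl", ".ax", ".drv"}


def _argv(cmdline: str) -> List[str]:
    """Split a Windows command line into tokens, keeping quoted paths whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def loaded_module(image: str, cmdline: str) -> Optional[str]:
    """Return the module path a regsvr32/rundll32 command line loads, else None."""
    exe = image.rsplit("\\", 1)[-1].lower()
    if exe not in DLL_LOADERS:
        return None
    # Drop the program name and switches such as /s or /i.
    args = [a for a in _argv(cmdline)[1:] if not a.startswith(("/", "-"))]
    if not args:
        return None
    module = args[0]
    if exe == "rundll32.exe":
        module = module.split(",", 1)[0]  # rundll32 takes "module,EntryPoint"
    return module


def module_ext(path: str) -> str:
    """Lower-cased extension of the last path component, '' if it has none."""
    name = path.rsplit("\\", 1)[-1].rsplit("/", 1)[-1]
    return "." + name.rsplit(".", 1)[1].lower() if "." in name else ""


def is_suspicious(event: dict) -> bool:
    """True when a DLL loader is given a module without a library extension."""
    module = loaded_module(event["Image"], event["CommandLine"])
    if module is None:
        return False
    return module_ext(module) not in LIBRARY_EXTENSIONS


def detect(events: List[dict]) -> List[str]:
    """Command lines of the events the rule fires on, in input order."""
    return [e["CommandLine"] for e in events if is_suspicious(e)]


if __name__ == "__main__":
    for hit in detect(EVENTS):
        print("suspicious loader invocation:", hit)
```

The rule is deliberately narrow: it keys on the extension mismatch visible in this entry and nothing else, so it will also fire on legitimate installers that ship renamed DLLs. Pair it with the parent process (here loaddll64.exe, in the wild typically an Office or browser process) before treating a hit as an alert.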
Threat name: Win64.Trojan.IcedID
Status: Malicious
First seen: 2021-02-26 07:07:57 UTC
File Type: PE+ (Dll)
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: 8301c177db142c3062ed9e7fe6fe2b519d4d184770d9c0689417f5ae4619c4d1
MD5 hash: d65388b6ce2cf9be0187b41de1df0a05
SHA1 hash: e3a3215821b3a0bf47892cc237267865450d747d
(same SHA256, MD5 and SHA1 as the submitted file; no distinct unpacked payload was extracted)
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments