MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a14d0ece36e1e9b50db6d65b6ae4306e28b309b7f2dda80daa831ee70118ba6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9a14d0ece36e1e9b50db6d65b6ae4306e28b309b7f2dda80daa831ee70118ba6
SHA3-384 hash: daa68bf5e4b072161e6119546fe536ad5146963e4e81ed1db0895462301c6768f09cfd185f187902007dd106179ba463
SHA1 hash: 1813ee132a316800f0118437d1480f5560750b68
MD5 hash: 457c1b776dfb0b0ff5df2424b903a2c0
humanhash: robert-thirteen-skylark-triple
File name:9a14d0ece36e1e9b50db6d65b6ae4306e28b309b7f2dda80daa831ee70118ba6
Download: download sample
Signature IcedID
Create hunting rule
File size:621'919 bytes
First seen:2022-02-07 13:12:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 01f87ec9e1e36146b71b7ffce4fd5fa9 (20 x IcedID)
ssdeep 12288:FTsor70Aeojgc4+o07OCi6HY7FpW0zm0pF:FTXjeojgc4+lDZY5pF
Threatray 176 similar samples on MalwareBazaar
TLSH T10ED4AF39636507B5E0739434C9734943C6F17CB117B095EBA3A1325A0E3BFE5A63AB22
Reporter malwarelabnet
Tags:exe IcedID

Intelligence

File Origin
# of uploads :
1
# of downloads :
271
Origin country :
n/a
Vendor Threat Intelligence
Detection:
IcedIDLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/235598/
Detection(s):
SecuriteInfo.com.VHO.Trojan.Win32.Sdum.gen.11852.3673.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Searching for the window
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/6242/overview
Behaviour
SystemUptime
MeasuringTime
EvasionGetTickCount
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe greyware overlay packed
Link:
https://www.filescan.io/uploads/62011aafc79b424d72054389/reports/36572d7e-4b52-4851-8d51-11577b421af8/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/42519864-4585-48ec-86a3-a48f43502283
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/935165
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9a14d0ece36e1e9b50db6d65b6ae4306e28b309b7f2dda80daa831ee70118ba6/
Threat name:
Win64.Trojan.Sdum
Create hunting rule
Status:
Malicious
First seen:
2022-02-07 13:12:15 UTC
File Type:
PE+ (Dll)
Extracted files:
7
AV detection:
13 of 43 (30.23%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
0407d4283508af13a9616360c14796030d3e5669af0aca60c99ac11df3555a74
IcedID
1b09fe2663baafee1ee17274c69ab41c98c6bfa1fd606bf75a40fa2756ff0f32
IcedID
326240f8452d146c9296987a3d8e0e030e8284b5b2282dd18e8edb24cfc5f738
IcedID
3317bb0f6350fcafa46c50971b15f4904bfa1e7eca3ad1d01dfce96b6a3be699
IcedID
4b4ef74c5e07471f8b5d379723d468e378798a49ba5446a71be1b135cae4bf07
IcedID
77a48406e75b59187008d6d2cc1f2ee49efb80daf9be762d2038a6295a0e1cb7
IcedID
7e58885d64fe5f8fc4e9cde9822d78ddfd2f2cb514947a8b06468a9e96819e8b
IcedID
e9a9233d64bd7c0ebab2f33ddece6ea0a97d8bd7ed45f9a43ef58557fd05e819
IcedID
eefc3f9adac700e0282849c294ac9dc7b6ef7caee0bad4ac88b9cd1f2d48bf34
IcedID
f223e9c1404a6de25b007fd7970afb881d6e47c6b609fcbc8fd7e3299cf15843
IcedID
+ 166 additional samples on MalwareBazaar
Result
Malware family:
icedid
Create hunting rule
Score:
  10/10
Tags:
family:icedid campaign:1732687004 banker suricata trojan
Link:
https://tria.ge/reports/220207-qfjznsccfn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
IcedID, BokBot
suricata: ET MALWARE Win32/IcedID Request Cookie
Malware Config
C2 Extraction:
keepfootbal.com
Unpacked files
SH256 hash:
9a14d0ece36e1e9b50db6d65b6ae4306e28b309b7f2dda80daa831ee70118ba6
MD5 hash:
457c1b776dfb0b0ff5df2424b903a2c0
SHA1 hash:
1813ee132a316800f0118437d1480f5560750b68
Link:
https://www.unpac.me/results/b1544419-10bf-41e7-b7b2-1c1bab372708/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/235598/

Comments