MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a87650819ff9fdaa524de78d2024505b3afba6412084f5a18d001605bad4e52f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a87650819ff9fdaa524de78d2024505b3afba6412084f5a18d001605bad4e52f
SHA3-384 hash: 797fe18711d1fc9fdcaf736aa591548cdb3266a5482d3c18f3e79bb889b8c67949553c5c6cd3bc1ba7de9856b5adf3f0
SHA1 hash: 6bf7fdcf959387f311a4d519c99addd83fcddbb3
MD5 hash: 89f72549d10ca37bda16dfb88b06163c
humanhash: emma-lion-summer-edward
File name:SecuriteInfo.com.Win64.BotX-genTrj.13538.31535
Download: download sample
Signature IcedID
Create hunting rule
File size:285'184 bytes
First seen:2021-12-06 04:32:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 975e735f2bcd690b52fe54ae77c63faf (1 x IcedID)
ssdeep 6144:W5PE0TlM3HoeTzoDehOKi2y7mmtNQphgSoug1pLbsS+R:WhE0C3DU/rmYX1uNdR
Threatray 87 similar samples on MalwareBazaar
TLSH T183545B196198AEFAECFB94354BFEB29B9163342502B4CA965FA1095C4F4F1203CD3727
File icon (PE):PE icon
dhash icon 192d9f8322119c92 (1 x IcedID)
Reporter SecuriteInfoCom
Tags:exe IcedID

Intelligence

File Origin
# of uploads :
1
# of downloads :
271
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Win64.BotX-genTrj.13538.31535
Verdict:
No threats detected
Analysis date:
2021-12-06 04:36:10 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/93752743-1e11-4c6d-aa49-406920771848

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/211612/
Detection(s):
SecuriteInfo.com.Win64.BotX-genTrj.13538.31535.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/1012/overview
Behaviour
MeasuringTime
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/61ad924ffa72c81b5b0dc922/reports/723b0ce5-6aa7-442c-8ad1-9eb8db51b220/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
IcedID
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/0a4e137f-ca9e-4218-8e1d-9a7658abfa26
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/901949
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious PowerShell Invocations - Generic
Tries to detect virtualization through RDTSC time measurements
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a87650819ff9fdaa524de78d2024505b3afba6412084f5a18d001605bad4e52f/
Threat name:
Win64.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2021-12-06 00:08:38 UTC
File Type:
PE+ (Exe)
Extracted files:
5
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
1607c0428dccd746d88d39759d285eadbf508d228b6934da9bac171315193009
IcedID
33cc3816f98fa22354559711326a5ce1352d819c180be4328a72618d20a78632
IcedID
3839ea5f86c4ebc8036ab26cfee2b0e05893a6b276d39ba23b75980c4db4c8a4
IcedID
6b213066b6c0587a9fdddd47ea81be8cfb05b58d90f0a4dce03260e0dde8eca8
IcedID
6c710694d270db91b550daf3177622514d2444e7484fb7a16aa2651cc20eb981
IcedID
8c8844cdcee69f1ad7b34bf10a07f246d97420948c9d42b93e996abccc916a14
IcedID
8f9b032ff6f56a685f4c6f9eb57784811d6c98aa83b0c6371e81814edbcd2738
IcedID
d5a4fcb0e552cad22b1a907e874295b08e83d58bd83f9b4788c90aaad263cd87
IcedID
df16de6120e58e0576c0af236154fb9efbcc3a1bde4dbf6078b3e7d94d17fce4
IcedID
eda6bb813cee36866a58cc01b6c928484e8751e3c442ec9739f798aeb8e453f9
IcedID
+ 77 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/211206-e5zkwagbc8/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
a87650819ff9fdaa524de78d2024505b3afba6412084f5a18d001605bad4e52f
MD5 hash:
89f72549d10ca37bda16dfb88b06163c
SHA1 hash:
6bf7fdcf959387f311a4d519c99addd83fcddbb3
Link:
https://www.unpac.me/results/40295e3e-7755-4116-90dc-70cbc4accee0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a87650819ff9fdaa524de78d2024505b3afba6412084f5a18d001605bad4e52f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

IcedID

Executable exe a87650819ff9fdaa524de78d2024505b3afba6412084f5a18d001605bad4e52f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1856734/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/211612/

Comments