MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d033105288280266f0336365245e18984c5fc684577beed5ad7430775ecd7c02. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 14


Intelligence 14 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d033105288280266f0336365245e18984c5fc684577beed5ad7430775ecd7c02
SHA3-384 hash: 31c1d0bac89fe2fd3017f41d554b02f44c0f2537032b66ba4c0090f8da2b3742ae8c860be686d29248f8acdbba53b0ba
SHA1 hash: 8a1ca86de1cd5755a25812bb58219f9f5f9b006f
MD5 hash: d49b56ab8dd4226a12e2927bfe7fa1b1
humanhash: ink-enemy-fish-kitten
File name:08778399.exe
Download: download sample
Signature IcedID
Create hunting rule
File size:130'144 bytes
First seen:2023-05-25 13:20:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c0db22558d1245a720459dbfc128cdf3 (3 x IcedID)
ssdeep 1536:l3V4MpcYHJqNuuDzCLNgLU18XNzeNbwnApqzPO3I12TMe4vaMzPzUKUvMWHnTX9o:P4MrqIGzsUYNgG4kj4va2UiPJP/V
Threatray 1'184 similar samples on MalwareBazaar
TLSH T1BAD38D4BAF1BDCF7C8024731A9E643080337E6611BC66B0F2D258D790A577B5EF8A685
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10523/12/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter Neiki
Tags:IcedID signed

Code Signing Certificate

Organisation:Southern Wall Systems, LLC
Issuer:SSL.com EV Code Signing Intermediate CA RSA R3
Algorithm:sha256WithRSAEncryption
Valid from:2023-03-27T15:32:55Z
Valid to:2024-03-26T15:32:55Z
Serial number: 40e27b7404aa9b485f8a2fc0c8e53af3
Intelligence: 14 malware samples on MalwareBazaar are signed with this code signing certificate
MalwareBazaar Blocklist:This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm:SHA256
Thumbprint: 1c46f0a782730fd80b70849ca2133c5f8ba81feaebababb95157a24eaea682e7
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
149
Origin country :
DE DE
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
INV_Unpaid_377_April.pdf
Verdict:
No threats detected
Analysis date:
2023-04-11 21:17:49 UTC
Tags:
generated-doc
Link:
https://app.any.run/tasks/b11e30eb-eb3e-4935-85ba-348332775cd4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
IcedIDLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/391683/
Detection(s):
SecuriteInfo.com.Trojan.Generic.33433850.2922.30917.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/87882/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug icedid overlay packed
Link:
https://www.filescan.io/uploads/646f60c174f29291dfe66d54/reports/977e4573-0c9e-405c-bd96-0bbbc4653e51/overview
Verdict:
Malicious
Labled as:
TROJ_FR.B45C9EE1
Link:
https://www.hybrid-analysis.com/sample/d033105288280266f0336365245e18984c5fc684577beed5ad7430775ecd7c02
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/93d49d5a-f971-4ef0-b9e3-d320286ab7c4
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1242650
Signature
Antivirus / Scanner detection for submitted sample
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Found API chain indicative of debugger detection
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d033105288280266f0336365245e18984c5fc684577beed5ad7430775ecd7c02/
Threat name:
Win64.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2023-04-12 03:06:58 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
19 of 36 (52.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2azrauuifabgn4btmnssixqytbgf7ruek5565vnnoqyhoxwnpqba._file
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
43ba07032ca007ed25935ef123c2d408b2f4fd1f0e428b5d03b58b476da336da
IcedID
52d3dd78d3f1a14e18d0689ed8c5b43372f9e76401ef1ff68522575e6251d2cf
IcedID
534698f7d1d4f0fae6e100b64f27c48fd167bd238cc9279ad2e4bd4f5411cc9d
IcedID
5f5f78266fddd18f3db7791b4980df2d13184de9d1c5ac39c49751e25f83ca17
IcedID
a015f40cfa1ca770c0c7fa901974ad6178f2b913659aea1486fcc307fd735e8e
IcedID
c7b4796751027b3049df6c795519f861bc5ac50410324fdff9a315d498dddee9
IcedID
cab63e05a4a6f0b825acb077ba6a1bbb3657488c584882124a31c45dfb39515d
IcedID
+ 1'174 additional samples on MalwareBazaar
Result
Malware family:
icedid
Create hunting rule
Score:
  10/10
Tags:
family:icedid campaign:1401071739 banker loader trojan
Link:
https://tria.ge/reports/230525-qlnj2sad36/
Behaviour
Suspicious behavior: EnumeratesProcesses
IcedID, BokBot
Malware Config
C2 Extraction:
shoterqana.com
Unpacked files
SH256 hash:
fd37c98782453214bab6484f6045b796a5a3dc7ebba9a894f6783817eef6c9c7
MD5 hash:
0b8f38766c27c250db7919b10edf0d72
SHA1 hash:
e70020640415e3b24a56755657d7b76cc09cb1ab
Detections:
IcedIDLoader
Create hunting rule
win_photoloader_auto
Create hunting rule
win_photoloader_a0
Create hunting rule
Link:
https://www.unpac.me/results/0a55ee06-20ec-4509-9273-5f06b72261f9/
Parent samples :
52d3dd78d3f1a14e18d0689ed8c5b43372f9e76401ef1ff68522575e6251d2cf
846dab665df0dd1febc5244482b955bf39dc92b80cee4561e0747b3d3c88a12c
d033105288280266f0336365245e18984c5fc684577beed5ad7430775ecd7c02
SH256 hash:
d033105288280266f0336365245e18984c5fc684577beed5ad7430775ecd7c02
MD5 hash:
d49b56ab8dd4226a12e2927bfe7fa1b1
SHA1 hash:
8a1ca86de1cd5755a25812bb58219f9f5f9b006f
Link:
https://www.unpac.me/results/0a55ee06-20ec-4509-9273-5f06b72261f9/
Malware family:
IcedID
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/d03310528828/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/391683/

Comments