MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d47cf4ec1a51c17befc01722d5ff603cfbd338ccff442669e765bf8dc20c6b54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IcedID
Vendor detections: 7



SHA256 hash: d47cf4ec1a51c17befc01722d5ff603cfbd338ccff442669e765bf8dc20c6b54
SHA3-384 hash: fadf9338e8980acc91a470efddeca9b80976e4cfcb1fa888dedcf9f6877e7bf04f01181c870f8186e592b13a5568e928
SHA1 hash: 444fb10b133c7e6fdbaee237a8aff1eea48ee863
MD5 hash: d956e9fb1f92771fdfdc35be7c45ba6c
humanhash: failed-juliet-cola-failed
File name: mGhdt.pdf
Signature: IcedID
File size: 245'760 bytes
First seen: 2020-11-24 22:42:21 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: 0bce35d6079bdabe8ebf4ef0830555c9 (2 x IcedID)
ssdeep: 6144:GpHWgWOOHnlNSY2mptctqLLjfv/ABDvwrXgQ7B:GFWgAn52vq/jHEYrXgq
Threatray: 983 similar samples on MalwareBazaar
TLSH: 4234D01333D94476F8B7423944368A61977BB6120B38CC8F76E9168D4AB37E16B3178B
Reporter: malware_traffic
Tags: dll IcedID Shathak TA551

Intelligence

File Origin
# of uploads: 1
# of downloads: 174
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour: Sending a UDP request

Result
Verdict: UNKNOWN
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature: Initial sample is a PE file and has a suspicious name
Signature: Multi AV Scanner detection for submitted file
Behaviour:
Behavior Graph: ID 322342; sample mGhdt.pdf; start date 24/11/2020; architecture WINDOWS; score 52. Signatures on the graph: Multi AV Scanner detection for submitted file; Initial sample is a PE file and has a suspicious name. Process tree: the sample was opened by AcroRd32.exe, which started RdrCEF.exe and a second AcroRd32.exe; RdrCEF.exe started two further RdrCEF.exe processes. Network: 192.168.2.1 (unknown), 80.0.0.0 (NTLGB, United Kingdom).
Threat name: Win32.Trojan.IcedID
Status: Malicious
First seen: 2020-11-24 22:43:04 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 21 of 28 (75.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour: Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: d47cf4ec1a51c17befc01722d5ff603cfbd338ccff442669e765bf8dc20c6b54
MD5 hash: d956e9fb1f92771fdfdc35be7c45ba6c
SHA1 hash: 444fb10b133c7e6fdbaee237a8aff1eea48ee863

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments