MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d4804d424161118b1f6d4d1106b6ed8881be23d8078e2d6f9da84dfdc1c34d92. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IcedID

Vendor detections: 4

SHA256 hash: d4804d424161118b1f6d4d1106b6ed8881be23d8078e2d6f9da84dfdc1c34d92
SHA3-384 hash: 6a289ceac5b43ed8ae5347a01a257934abf89bf519ec7f868a3604aeccf1fd856c5706d983fbd8f8b03373d335ec2cb9
SHA1 hash: d44e47856005ab0e5f86add27d82ab42dd560383
MD5 hash: 9bd97319a9eabae9d6fdc1a42fbd23e1
humanhash: triple-xray-avocado-hamper
File name: bind_64.dat
Signature: IcedID
File size: 70'656 bytes
First seen: 2021-08-19 04:56:04 UTC
Last seen: 2021-08-19 06:10:08 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: dd2462e9fd4e377146b7a9f0263a0b8f (1 x IcedID)
ssdeep: 768:JM6dFpLKbq8RBzt0x7JtbSB3mtteF+7//T8RR+tP4e7qdJvXtDrqZfeY7TE1q:JlFcJcx7LUmtL7//4OKFGsYn
Threatray: 14 similar samples on MalwareBazaar
TLSH: T1CB63F60297F52B83F6A192FB399DC12950B2522F916F431313C49E98275B76FE78F209
Reporter: JAMESWT_WT
Tags: coreinsidezip exe IcedID

Intelligence


File Origin
# of uploads: 2
# of downloads: 384
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: bind_64.dat
Verdict: No threats detected
Analysis date: 2021-08-19 04:57:36 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:
Behaviour: Sending a UDP request

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature: Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Behavior Graph ID: 467924; Sample: bind_64.dat; Start date: 19/08/2021; Architecture: WINDOWS; Score: 48
Signature: Multi AV Scanner detection for submitted file
Processes started: loaddll64.exe, UpdateNotificationMgr.exe; from loaddll64.exe: iexplore.exe, cmd.exe, rundll32.exe, 4 other processes; from iexplore.exe: iexplore.exe; from cmd.exe: rundll32.exe
Network: edge.gycpi.b.yahoodns.net 87.248.118.22, 443, 49731, 49732 (YAHOO-DEBDE, United Kingdom); dart.l.doubleclick.net 142.250.186.70, 443, 49721, 49722 (GOOGLEUS, United States); 12 other IPs or domains
Result
Malware family:
Score: 10/10
Tags: family:icedid botnet:3984935437 banker trojan
Behaviour: IcedID, BokBot

Malware Config
C2 Extraction:
owesureoma.top
onokdaynekti.top
pastwestbi.top
whoreviki.top
footballer.bid
2kilozhiraffe.club
aristomosuga.top
viryigamaps.top

Unpacked files
SHA256 hash: d4804d424161118b1f6d4d1106b6ed8881be23d8078e2d6f9da84dfdc1c34d92
MD5 hash: 9bd97319a9eabae9d6fdc1a42fbd23e1
SHA1 hash: d44e47856005ab0e5f86add27d82ab42dd560383
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments