MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd5e4ae90684b88a78ef90c46f1d6329d539348abbc497e0052ee53511b06290. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dd5e4ae90684b88a78ef90c46f1d6329d539348abbc497e0052ee53511b06290
SHA3-384 hash: e24babc0add3f1c19f7e3f72a4de6a020074cd51d092b2f3ce18bd9c17b03b9e4353c35fbf1d231b0c5ab15c2c93e1a1
SHA1 hash: 35bf3f8f4cede7e6c71835f65a725395cb1c85a9
MD5 hash: d90cbb56fb59fa895e06c27164dcc120
humanhash: mockingbird-xray-harry-oscar
File name:3.dll
Download: download sample
Signature IcedID
Create hunting rule
File size:645'769 bytes
First seen:2022-02-04 14:28:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 01f87ec9e1e36146b71b7ffce4fd5fa9 (20 x IcedID)
ssdeep 12288:FTsor70Aeojgc4+o07OCi6HY7FpW0zm0pF:FTXjeojgc4+lDZY5pF
TLSH T1A2D4AF39636507B5E0739434C9734943C6F17CB117B095EBA3A1325A0E3BFE5A63AB22
Reporter JAMESWT_WT
Tags:exe IcedID

Intelligence

File Origin
# of uploads :
1
# of downloads :
294
Origin country :
n/a
Vendor Threat Intelligence
Detection:
IcedIDLoader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/233041/
Detection(s):
SecuriteInfo.com.VHO.Trojan.Win32.Sdum.gen.23018.8333.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.VHO.Trojan.Win32.Sdum.gen.11852.3673.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/aaed356d-99b9-44b7-b458-d25b4a94c957
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
28 / 100
Link:
https://www.joesandbox.com/analysis/933987
Signature
Sigma detected: Suspicious Call by Ordinal
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 566465 Sample: 3.dll Startdate: 04/02/2022 Architecture: WINDOWS Score: 28 19 Sigma detected: Suspicious Call by Ordinal 2->19 7 loaddll64.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 rundll32.exe 7->11         started        13 rundll32.exe 7->13         started        15 2 other processes 7->15 process5 17 rundll32.exe 9->17         started       
Gathering data
Threat name:
Win64.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2022-02-04 14:28:48 UTC
File Type:
PE+ (Dll)
Extracted files:
7
AV detection:
16 of 28 (57.14%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3vpev2igqs4iu6hpsdcg6hldfhktsnekxpcjpyaff3stkenqmkia._file
Result
Malware family:
icedid
Create hunting rule
Score:
  10/10
Tags:
family:icedid campaign:1732687004 banker persistence suricata trojan
Link:
https://tria.ge/reports/220204-rtjfqsbbhj/
Behaviour
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Sets service image path in registry
IcedID, BokBot
suricata: ET MALWARE Win32/IcedID Request Cookie
Malware Config
C2 Extraction:
keepfootbal.com
Unpacked files
SH256 hash:
dd5e4ae90684b88a78ef90c46f1d6329d539348abbc497e0052ee53511b06290
MD5 hash:
d90cbb56fb59fa895e06c27164dcc120
SHA1 hash:
35bf3f8f4cede7e6c71835f65a725395cb1c85a9
Link:
https://www.unpac.me/results/307f5972-073b-46e8-b515-983674a142b4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dd5e4ae90684b88a78ef90c46f1d6329d539348abbc497e0052ee53511b06290

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/233041/

Comments