MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e1e9e84a24abaa8658d8715d32e21ed51f1c548123155f4c88bbc8722eecbfbd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e1e9e84a24abaa8658d8715d32e21ed51f1c548123155f4c88bbc8722eecbfbd
SHA3-384 hash: b51f9fd398532764260b71cfe01f2b33c0b78ec34a735d49c9fa0b51b4910c7f3e568996a8033dd6a06231381a203c94
SHA1 hash: e23beffc93aa4a055416bab85efec3255a378e26
MD5 hash: 8517e05f33c46fc81a9ed135f0e04851
humanhash: arkansas-quiet-whiskey-floor
File name:141939_2.pdf
Download: download sample
Signature IcedID
Create hunting rule
File size:609'792 bytes
First seen:2022-02-09 16:01:43 UTC
Last seen:2022-02-09 17:48:23 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 785f865bebd08bfb75ef6d88ff36225e (1 x IcedID)
ssdeep 12288:upPJWLQNXKLRj9LoDS0HGI78nghchxOT:uNwoKLRjx4S+lwgycT
Threatray 19 similar samples on MalwareBazaar
TLSH T12ED4AF39737507B9E0635438C8738903C5B17C6117B196DBE7A1324E4E3ABE56A3BB22
Reporter Anonymous
Tags:exe IcedID


Avatar
Anonymous
https://urlhaus.abuse.ch/url/2038802/

Intelligence

File Origin
# of uploads :
2
# of downloads :
344
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/239698/
Detection(s):
SecuriteInfo.com.W64.Kryptik.FXT.genEldorado.20441.12673.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
DNS request
Sending an HTTP GET request
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/6532/overview
Behaviour
SystemUptime
MeasuringTime
EvasionGetTickCount
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe greyware packed
Link:
https://www.filescan.io/uploads/6203e587c649d4049451b189/reports/6bfe273b-2f74-4817-9c04-3c5326947e92/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/250364bc-1973-4357-861e-315f810699e7
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/937020
Signature
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 569498 Sample: 141939_2.pdf Startdate: 09/02/2022 Architecture: WINDOWS Score: 60 19 Multi AV Scanner detection for submitted file 2->19 21 Yara detected IcedID 2->21 23 Sigma detected: Suspicious Call by Ordinal 2->23 7 loaddll64.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 rundll32.exe 7->11         started        13 rundll32.exe 7->13         started        15 2 other processes 7->15 process5 17 rundll32.exe 9->17         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e1e9e84a24abaa8658d8715d32e21ed51f1c548123155f4c88bbc8722eecbfbd/
Threat name:
Win64.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2022-02-09 16:02:13 UTC
File Type:
PE+ (Dll)
Extracted files:
7
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1909a177d8f646c0993e5e58347e1a0b39b71dc45ad4ae49faa631683c18a3e6
IcedID
1b09fe2663baafee1ee17274c69ab41c98c6bfa1fd606bf75a40fa2756ff0f32
IcedID
326240f8452d146c9296987a3d8e0e030e8284b5b2282dd18e8edb24cfc5f738
IcedID
4b4ef74c5e07471f8b5d379723d468e378798a49ba5446a71be1b135cae4bf07
IcedID
5d3eb542453ede693e6883aea44045d6d191d47a2751a4e6e6aea43a9d750c08
IcedID
6e46958960f575bfdc14a3da83de4249ab3f23f834aec3d2b5ca8891f9c91bc8
IcedID
9a09137e28cc0e5af606db45d95f1fb46e1024129eb065e2d854c7aecda82ba0
IcedID
dd5e4ae90684b88a78ef90c46f1d6329d539348abbc497e0052ee53511b06290
IcedID
e802ba75f63f64018ca2218a04e6a75baeca3e80f1f922db015b3f5973f2ca85
IcedID
eefc3f9adac700e0282849c294ac9dc7b6ef7caee0bad4ac88b9cd1f2d48bf34
IcedID
+ 9 additional samples on MalwareBazaar
Result
Malware family:
icedid
Create hunting rule
Score:
  10/10
Tags:
family:icedid campaign:3400854601 banker suricata trojan
Link:
https://tria.ge/reports/220209-tgsvrabaer/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
IcedID, BokBot
suricata: ET MALWARE Win32/IcedID Request Cookie
Unpacked files
SH256 hash:
e1e9e84a24abaa8658d8715d32e21ed51f1c548123155f4c88bbc8722eecbfbd
MD5 hash:
8517e05f33c46fc81a9ed135f0e04851
SHA1 hash:
e23beffc93aa4a055416bab85efec3255a378e26
Link:
https://www.unpac.me/results/10725e83-c2df-42e4-9ba4-270e8bd3390b/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

IcedID

Executable exe e1e9e84a24abaa8658d8715d32e21ed51f1c548123155f4c88bbc8722eecbfbd

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2038802/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/239698/

Comments