MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e9a9233d64bd7c0ebab2f33ddece6ea0a97d8bd7ed45f9a43ef58557fd05e819. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IcedID

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	e9a9233d64bd7c0ebab2f33ddece6ea0a97d8bd7ed45f9a43ef58557fd05e819
SHA3-384 hash:	d2b6af05c0a73f6227d99b482e5c9edcfbd90196f9671a9265ab5403146ece5d6fdb861654d6b92586f86d1cc2e20c82
SHA1 hash:	fa3115c53e06d2f15fa4b3867f45dbe018e06a8a
MD5 hash:	6f154a80582eea111da92514c7613d06
humanhash:	william-blue-louisiana-bacon
File name:	e9a9233d64bd7c0ebab2f33ddece6ea0a97d8bd7ed45f9a43ef58557fd05e819
Download:	download sample
Signature	IcedID Create hunting rule
File size:	622'144 bytes
First seen:	2022-02-07 13:11:18 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	01f87ec9e1e36146b71b7ffce4fd5fa9 (20 x IcedID)
ssdeep	12288:FTsor70Aeojgc4+o07OCi6HY7FpW0zm0pF:FTXjeojgc4+lDZY5pF
Threatray	176 similar samples on MalwareBazaar
TLSH	T134D4AF39636507B5E0739434C9734943C6F17CB117B095EBA3A1325A0E3BFE5A63AB22
Reporter	malwarelabnet
Tags:	exe IcedID

Intelligence

File Origin

# of uploads :

# of downloads :

257

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/235589/

Detection(s):

SecuriteInfo.com.VHO.Trojan.Win32.Sdum.gen.11852.3673.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

DNS request

Sending an HTTP GET request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

control.exe greyware overlay packed

Link:

https://www.filescan.io/uploads/62011aa74077c8b9a01ae69c/reports/00fdd173-704f-4927-a049-aad6fd98eae9/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/e490d206-4d5d-4cc9-adb4-d1db46dfa761

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/935169

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e9a9233d64bd7c0ebab2f33ddece6ea0a97d8bd7ed45f9a43ef58557fd05e819/

Threat name:

Win64.Trojan.Sdum

Status:

Malicious

First seen:

2022-02-07 13:12:14 UTC

File Type:

PE+ (Dll)

Extracted files:

AV detection:

13 of 43 (30.23%)

Threat level:

5/5

Verdict:

malicious

Label(s):

icedid

Result

Malware family:

icedid

Score:

10/10

Tags:

family:icedid campaign:1732687004 banker trojan

Link:

https://tria.ge/reports/220207-qfjznscea5/

Behaviour

Checks processor information in registry

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Drops file in Windows directory

IcedID, BokBot

Malware Config

C2 Extraction:

keepfootbal.com

Unpacked files

SH256 hash:

e9a9233d64bd7c0ebab2f33ddece6ea0a97d8bd7ed45f9a43ef58557fd05e819

MD5 hash:

6f154a80582eea111da92514c7613d06

SHA1 hash:

fa3115c53e06d2f15fa4b3867f45dbe018e06a8a

Link:

https://www.unpac.me/results/e2fe5323-812c-419f-ac66-034080c22d5f/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/235589/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample