MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fbad60002286599ca06d0ecb3624740efbf13ee5fda545341b3e0bf4d5348cfe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 10


Intelligence 10 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fbad60002286599ca06d0ecb3624740efbf13ee5fda545341b3e0bf4d5348cfe
SHA3-384 hash: 3e4880ba57d7c4e7d4425a4e0e34fd4a09acdd8dc4581184d754af59059e6abbb108caa4220a115cf234ccb88162b491
SHA1 hash: f4df8c9d37a76eadf1125a74865032d83920123b
MD5 hash: 6b1e64957316e65198e3a1f747402bd6
humanhash: grey-hydrogen-wisconsin-floor
File name:view.png.dll
Download: download sample
Signature IcedID
Create hunting rule
File size:297'984 bytes
First seen:2023-02-03 20:13:30 UTC
Last seen:2023-02-04 01:00:21 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b1c714163a3d228e61ff045c9924482c (1 x IcedID)
ssdeep 6144:DaP0aNyfRYkalElFD5EX7ZEL1PJ07ohmfTSf420:DU0aYRrzDSX7JoU20
Threatray 8'175 similar samples on MalwareBazaar
TLSH T195546C06B2E50CBAE863913DC9635946D7F2BC120771D6EF03A0465A6F377E0A93BB11
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter James_inthe_box
Tags:dll exe IcedID

Intelligence

File Origin
# of uploads :
3
# of downloads :
249
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
view.png.dll
Verdict:
No threats detected
Analysis date:
2023-02-03 20:14:09 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/37be7ce6-2840-4776-89fa-0ec9860a107f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/360084/
Detection(s):
SecuriteInfo.com.W64.GenKryptik.FNOG.tr.2093.4969.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
No Threat
Threat level:
  2/10
Confidence:
67%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/63dd6b0c1c9cbf7d6255a991/reports/b13a7939-68a3-421c-8863-28c540569e22/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/fbad60002286599ca06d0ecb3624740efbf13ee5fda545341b3e0bf4d5348cfe
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/227d91fa-e382-4a87-844c-9d302c09b394
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/1165452
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Malicious sample detected (through community Yara rule)
Sigma detected: Execute DLL with spoofed extension
System process connects to network (likely due to code injection or exploit)
Tries to detect virtualization through RDTSC time measurements
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fbad60002286599ca06d0ecb3624740efbf13ee5fda545341b3e0bf4d5348cfe/
Threat name:
Win64.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2023-02-03 20:13:07 UTC
File Type:
PE+ (Dll)
Extracted files:
6
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7owwaabcqzmzzidnb3ftmjdub357cpxf7wsukna3hyf7jvjurt7a._file
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
05a3a84096bcdc2a5cf87d07ede96aff7fd5037679f9585fee9a227c0d9cbf51
IcedID
069b31cb7f9054647b684da4fc5263fa690e32d75729ec6b5c808b0c532b9628
IcedID
12de04133def8f1652bbf2aaac8454d76141f5115e9e6d9131dcb2ffbdbee66e
IcedID
52ceb2e476f5ba13ad4d56c5292d8c97cff9c24967b54fa7a50cc2a333f2527d
IcedID
923715af8f2e49242e18210c143ffd69300cdf675f61ae33c2f2fcbab6df07e2
IcedID
c58b13dc51e572ec288d97aa255d55884d7418466b8381afd1a4278a0be87427
IcedID
d6618f430c04b203394c7887803a2171402efa31427c0835e24c9dec935bf79c
IcedID
+ 8'165 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230203-yzzs8sba63/
Unpacked files
SH256 hash:
e0c14b14c0715225f710b77ed50bba269549d7bde9bf058fc30e47fe8bbe2a85
MD5 hash:
702df8c8a51215bdc226e09df9ced580
SHA1 hash:
bfb7415cb5a1a7295841fdb36e6f3a8ca1bd5b1a
Detections:
win_photoloader_a0
Create hunting rule
win_photoloader_auto
Create hunting rule
Link:
https://www.unpac.me/results/67451466-324d-4535-9eaa-c328e2b590cd/
SH256 hash:
fbad60002286599ca06d0ecb3624740efbf13ee5fda545341b3e0bf4d5348cfe
MD5 hash:
6b1e64957316e65198e3a1f747402bd6
SHA1 hash:
f4df8c9d37a76eadf1125a74865032d83920123b
Link:
https://www.unpac.me/results/67451466-324d-4535-9eaa-c328e2b590cd/
Malware family:
IcedID
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/fbad60002286/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fbad60002286599ca06d0ecb3624740efbf13ee5fda545341b3e0bf4d5348cfe

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:crime_win64_bazarloader_packed_sep21
Create hunting rule
Author:Rony (@r0ny_123)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/360084/
  
URLhaus
https://urlhaus.abuse.ch/url/2529583/

Comments