MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 07fe977241ab3c72ac5653b08767c0aa6f8e37d89f292a9fcc5b30a4e407e68c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IcedID

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	07fe977241ab3c72ac5653b08767c0aa6f8e37d89f292a9fcc5b30a4e407e68c
SHA3-384 hash:	d9a50f6440ef828080abc90a1aa28bc153df2eca560803d69638e58a2ce03dd9cf4b45228582fe166bab841d74f851ec
SHA1 hash:	eb45e4ba2e885bf1c7fcc73103d1254b9f16cea1
MD5 hash:	01b4e685d3d83b15b784131e73393e0f
humanhash:	red-moon-august-mike
File name:	kfa1.bin
Download:	download sample
Signature	IcedID Create hunting rule
File size:	287'232 bytes
First seen:	2020-07-24 18:12:54 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	3703dfa0a39082c156a9636a1a7d9f2a (15 x IcedID)
ssdeep	6144://gj8DFFxW+Bn8Fj7W7VRicNAOPXWdqMBNNH4SzI:wGTxW+B8FyR1KxI
Threatray	1'835 similar samples on MalwareBazaar
TLSH	1954AF40BCC1C473E97E16350975DAA5197DBC210A60DEAFB7D84E7E4F32280A621F7A
Reporter	malware_traffic
Tags:	dll IcedID Shathak TA551

Intelligence

File Origin

# of uploads :

# of downloads :

109

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/32266/

Detection(s):

PUA.Win.Downloader.Aiis-6803892-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Result

Threat name:

IcedID

Detection:

malicious

Classification:

troj.evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/397641

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/07fe977241ab3c72ac5653b08767c0aa6f8e37d89f292a9fcc5b30a4e407e68c/

Threat name:

Win32.Trojan.IcedID

Status:

Malicious

First seen:

2020-07-24 18:14:08 UTC

AV detection:

18 of 29 (62.07%)

Threat level:

5/5

Verdict:

malicious

Label(s):

icedid

gozi

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/200724-l9k96q7pc2/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Blacklisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Trojan

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/07fe977241ab3c72ac5653b08767c0aa6f8e37d89f292a9fcc5b30a4e407e68c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/32266/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample