MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3be8cc6685249b115400224c229d5f1a39b310aa13869bbdcfffd7fcb9fc8b01. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IcedID

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	3be8cc6685249b115400224c229d5f1a39b310aa13869bbdcfffd7fcb9fc8b01
SHA3-384 hash:	86b1d9d1910435eec2f14381d5174c8923e492df7bdc046fd845ca97ae9552b3961beaefa9e60444ed4902a6e9ca2d19
SHA1 hash:	a2551fc9caabdd922beb203cc690e00496fc7480
MD5 hash:	06ffa2f9624310162b65c5951712d17e
humanhash:	gee-saturn-march-steak
File name:	SecuriteInfo.com.Trojan.Siggen9.22211.31396.25845
Download:	download sample
Signature	IcedID Create hunting rule
File size:	377'584 bytes
First seen:	2020-03-18 18:34:13 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	aa17ef5a8773f27152c378e0d068236f (1 x IcedID)
ssdeep	6144:DwRJB2FQ79sDw0Zjhk8p4sIFlB4w6Qv8z7vVBv:8B2xZjhk8p4sIFlB4w6Qv8zpBv
Threatray	1'045 similar samples on MalwareBazaar
TLSH	01840823AD403C37D16349714D69D6FDB929782620529C07B6CEB9091BBF5C3BAF122E
Reporter	SecuriteInfoCom
Tags:	IcedID

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.Siggen9.22211.31396.25845.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Vebzenpak

Status:

Malicious

First seen:

2020-03-17 19:51:03 UTC

AV detection:

25 of 30 (83.33%)

Threat level:

5/5

Verdict:

malicious

Label(s):

icedid

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3be8cc6685249b115400224c229d5f1a39b310aa13869bbdcfffd7fcb9fc8b01

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

IcedID

exe 3be8cc6685249b115400224c229d5f1a39b310aa13869bbdcfffd7fcb9fc8b01

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/326475/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
VB_API	Legacy Visual Basic API used	MSVBVM60.DLL::__vbaSetSystemError MSVBVM60.DLL::__vbaObjSetAddref MSVBVM60.DLL::EVENT_SINK_AddRef MSVBVM60.DLL::__vbaErrorOverflow

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample