MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 412d5f8f15db39029d623549db704d8acca0136b050fca4baaaa1ee620dbb441. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 412d5f8f15db39029d623549db704d8acca0136b050fca4baaaa1ee620dbb441
SHA3-384 hash: 5071f0f1a6033f9699765e99666b28f749b371b1cd4339f96cd2d57d846370a07c760f9a0e579d8d432daebc2b16094b
SHA1 hash: 85ac4487a686f6c1d368ac3c6675424ceb0b40b5
MD5 hash: 6c5ff25e8c46c6fcd9b1845a62c8c7d7
humanhash: floor-violet-november-winner
File name:kZgra.pdf
Download: download sample
Signature IcedID
Create hunting rule
File size:225'794 bytes
First seen:2020-10-09 21:30:21 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash b4621f50f3aeb6804e6ffb09fc8d51f2 (19 x IcedID)
ssdeep 3072:jUC76ZySY0b3MaIFh234cBDV0rBV+mPKFj5XbsDvHrYNGscWrAIykbQ8gAZAOw:Wd3mQvSqmPKFBbsTHr8Gs2IykbJ6V
Threatray 399 similar samples on MalwareBazaar
TLSH A6245D00AA51D039F4F752F885BB9368E62C7EA05B2451CF62C61EEE8774BF09C31697
Reporter malware_traffic
Tags:dll IcedID Shathak TA551

Intelligence

File Origin
# of uploads :
1
# of downloads :
177
Origin country :
n/a
Vendor Threat Intelligence
Detection:
IcedID
Create hunting rule
Link:
https://www.capesandbox.com/analysis/69651/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
DNS request
Sending a custom TCP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/487284
Signature
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 296073 Sample: kZgra.pdf Startdate: 09/10/2020 Architecture: WINDOWS Score: 52 23 Multi AV Scanner detection for submitted file 2->23 25 Initial sample is a PE file and has a suspicious name 2->25 7 AcroRd32.exe 37 2->7         started        process3 process4 9 RdrCEF.exe 45 7->9         started        12 AcroRd32.exe 2 5 7->12         started        dnsIp5 19 192.168.2.1 unknown unknown 9->19 14 RdrCEF.exe 9->14         started        17 RdrCEF.exe 9->17         started        process6 dnsIp7 21 80.0.0.0 NTLGB United Kingdom 14->21
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/412d5f8f15db39029d623549db704d8acca0136b050fca4baaaa1ee620dbb441/
Threat name:
Win32.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2020-10-09 21:32:06 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
0b43e77fc9a0842fe7802692e884f57c8cec80e312ae842b368426eb8475351a
IcedID
24a70a8984d118f4b560dc4657f3bf686ad64b1884fef9282cfa2f8ff6044391
IcedID
5e0ba8b2a90fe33fdeca4a2ce956111a95337c725208cebd7ce25a4a458a3b1d
IcedID
7316bf4538e96c9a09d7a6a72e0ede7df34289a47b0561a23fa5b959638daefe
IcedID
83d5ceb21e632bda8a75388aad568444c414f2e06e96e73863bdccbefc48d17a
IcedID
a95efda438fdee4b4866287c2cfe9d89772a46c5d9d22377c8c63e43b2c93295
IcedID
abeb9bec19b733006fd8d163f51ce46cbe8b05d5e7d3b78ae6408d245ea02d96
IcedID
b2693db5d5954f3a2303d9c30343422362d0b64e3bdd3c0c7385caa98afdbf49
IcedID
c2a2b61003dba1e5d6da5b397439e2f7f79615ef10a3f8cb57ac90fe9a0b5fb7
IcedID
de62405310da1fc99bae72ef69cac5f6a7c328860a7d49305edc1537d3bf3102
IcedID
+ 389 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/201009-b2fhnxekae/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Blacklisted process makes network request
Unpacked files
SH256 hash:
412d5f8f15db39029d623549db704d8acca0136b050fca4baaaa1ee620dbb441
MD5 hash:
6c5ff25e8c46c6fcd9b1845a62c8c7d7
SHA1 hash:
85ac4487a686f6c1d368ac3c6675424ceb0b40b5
Link:
https://www.unpac.me/results/22d79436-27c3-4b88-a834-1065dad8bac2/
SH256 hash:
abed292b4e0fdab18a976de9385cd64e64b09d7c646f65b25bc7bec1a9556d98
MD5 hash:
9411e515b70d1f3de3c068998a6749d6
SHA1 hash:
05191aaf8be407030e90c0cf6b4a0f4cf5da2f9b
Link:
https://www.unpac.me/results/22d79436-27c3-4b88-a834-1065dad8bac2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/412d5f8f15db39029d623549db704d8acca0136b050fca4baaaa1ee620dbb441

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/69651/

Comments