MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d00dd3d606e59496069e836b1c4466d5a11a1a03c2207947f64e4442099657a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4d00dd3d606e59496069e836b1c4466d5a11a1a03c2207947f64e4442099657a
SHA3-384 hash: 58a3ec1688e9c03feedcf3df36d6eac005f534d17295efd01d24aa0e75e37cf9ef99f5e89b7be5de4380653b251063b3
SHA1 hash: 55fb9e7df549ca9133dd2d481930e1042a8c61bc
MD5 hash: 4f807ffbf0704b3aaf708a1aef892dfd
humanhash: princess-michigan-sink-butter
File name:VSMecyU.dll
Download: download sample
Signature IcedID
Create hunting rule
File size:134'656 bytes
First seen:2020-11-12 00:11:26 UTC
Last seen:2024-07-24 14:03:23 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 14a49883c83ac5c80b38772e4632181d (3 x IcedID)
ssdeep 3072:DR47Fjg3bql2O94QDQt+QC+uFkoQzJDw8URT:OTl2JTC7EZUR
Threatray 837 similar samples on MalwareBazaar
TLSH 15D38C0232909475F2BF1BFD04668A1147BEBCA1DFB099C7BBD4295EAA361C05E31B53
Reporter malware_traffic
Tags:dll IcedID installer


Avatar
malware_traffic
run method: rundll32.exe [filename],DllRegisterServer

Intelligence

File Origin
# of uploads :
3
# of downloads :
177
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Win32.Wacatac.Cml.4258.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
DNS request
Sending a custom TCP request
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/531050
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4d00dd3d606e59496069e836b1c4466d5a11a1a03c2207947f64e4442099657a/
Threat name:
Win32.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2020-11-12 00:29:06 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
33d4b93f27fa6d5f68443a35b0640269b3f6a1cfd8e0015361e462bc369b0133
IcedID
50b55b6f0ece35b30db3ceac5a06c37a39141d4419dac0c2b08cb6fd4de15dcb
IcedID
54a1ff16fd63ead406eec7b18303d4998ff43c078dc8c4257d6ba593a3e3b24d
IcedID
79d585b28d8211b54994c24243d7051ca849e2104d1aa08b50584ef36b359d59
IcedID
b25c8c35e0e2a69aa6b02ffd44e3117a4a103b626ea85ea77771ff35efd9449b
IcedID
b5399025d73dfb850df68017dfa81ce5f83bd9eeb7db056fffeca55ad3bcea65
IcedID
c9fb4ff0bd9eefbdb77a43a2098b4b1332225392bc38d21a0181f9faf57e92dd
IcedID
e78cec26b2161c90b29869ab28fe59fc8224de56dc231cb7164bfbb043642f87
IcedID
ecfe29ac7905d40cd43e79c1ade25e12c3d01827a49f4a6a7abbea2b65eae839
IcedID
f48c86c1b8852dbbc17c494a64641769a6e37bbcb5a185f120a017b1f183b278
IcedID
+ 827 additional samples on MalwareBazaar
Result
Malware family:
icedid
Create hunting rule
Score:
  10/10
Tags:
family:icedid banker trojan
Link:
https://tria.ge/reports/201112-qxm622cntx/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Blacklisted process makes network request
IcedID, BokBot
Unpacked files
SH256 hash:
b1e1becfeb2ce10855437964be5b4c3afe8b0db6030122ae4cc9f43efbf8e49f
MD5 hash:
534d876a0fc26b26c93668f0b5ecf977
SHA1 hash:
f8ac8ed0330f5bdf6490799076214f7fb1b0864e
Link:
https://www.unpac.me/results/33149302-a5b1-4d1f-a9f8-9acc096cd579/
SH256 hash:
4d00dd3d606e59496069e836b1c4466d5a11a1a03c2207947f64e4442099657a
MD5 hash:
4f807ffbf0704b3aaf708a1aef892dfd
SHA1 hash:
55fb9e7df549ca9133dd2d481930e1042a8c61bc
Link:
https://www.unpac.me/results/33149302-a5b1-4d1f-a9f8-9acc096cd579/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:IcedID
Create hunting rule
Author:kevoreilly
Description:IcedID Payload
Rule name:IcedIDStage1
Create hunting rule
Author:kevoreilly
Description:IcedID Payload

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments