MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4df39fd80257e14192e2d2edc4500883edd7921e0be92d664ec4b995d8f82f24. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4df39fd80257e14192e2d2edc4500883edd7921e0be92d664ec4b995d8f82f24
SHA3-384 hash: 7cf77d8c8c0580bfab470e7925f094e6c431fcc07da6762c27f4cddedeb0b38a81b2af47ad10a903c1b8046be8cbfb9b
SHA1 hash: da0f1fb7b9ca42f6ea7298f19a54121fd2660737
MD5 hash: ad3778f31b3d3cc4ca4c51e3ffe9464a
humanhash: aspen-friend-carbon-mississippi
File name:fuzo7.bin
Download: download sample
Signature IcedID
Create hunting rule
File size:431'104 bytes
First seen:2020-09-17 20:55:07 UTC
Last seen:2020-09-17 21:59:27 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 7db1c33a4ead725fd9631740feee9107 (1 x IcedID)
ssdeep 6144:Ipzb4zDZWem6SDwg21fh0k2Pk4+o9ydY//iptLNu5H32KgKC:IpzWDYemdkh1fj/dY/ctLNu5H3CK
Threatray 336 similar samples on MalwareBazaar
TLSH F7943A01BBA18034F5BF16F975BE6168953D7DE05B2094CB93C02AED9A74AE0ED30B17
Reporter malware_traffic
Tags:dll IcedID Shathak TA551

Intelligence

File Origin
# of uploads :
2
# of downloads :
168
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/63052/
Detection(s):
PUA.Win.Packer.PrivateExeProte-11
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
DNS request
Sending a custom TCP request
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/469553
Signature
Antivirus / Scanner detection for submitted sample
Binary contains a suspicious time stamp
Contains functionality to detect hardware virtualization (CPUID execution measurement)
System process connects to network (likely due to code injection or exploit)
Tries to detect virtualization through RDTSC time measurements
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 287200 Sample: fuzo7.bin Startdate: 17/09/2020 Architecture: WINDOWS Score: 76 45 Antivirus / Scanner detection for submitted sample 2->45 47 Yara detected IcedID 2->47 49 Binary contains a suspicious time stamp 2->49 7 loaddll32.exe 1 2->7         started        process3 process4 9 rundll32.exe 7->9         started        13 rundll32.exe 7->13         started        15 rundll32.exe 7->15         started        17 3 other processes 7->17 dnsIp5 31 ldrmercury.casa 142.93.218.110, 443, 49770 DIGITALOCEAN-ASNUS United States 9->31 37 3 other IPs or domains 9->37 51 System process connects to network (likely due to code injection or exploit) 9->51 53 Contains functionality to detect hardware virtualization (CPUID execution measurement) 9->53 55 Tries to detect virtualization through RDTSC time measurements 9->55 19 WerFault.exe 17 9 9->19         started        21 WerFault.exe 9->21         started        39 3 other IPs or domains 13->39 23 WerFault.exe 3 9 13->23         started        25 WerFault.exe 13->25         started        41 3 other IPs or domains 15->41 27 WerFault.exe 15->27         started        33 www.intel.com 17->33 35 www.intel.com 17->35 43 2 other IPs or domains 17->43 29 WerFault.exe 17->29         started        signatures6 process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4df39fd80257e14192e2d2edc4500883edd7921e0be92d664ec4b995d8f82f24/
Threat name:
Win32.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2020-09-17 20:57:05 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jxzz7wack7qudexc2lw4iuaiqpw5peq6bpus2zsoys4zlwhyf4sa._file
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
23be804db20cb450cf53fc82143ac34b9e741035c511af3e5c9880e7b3a70b3a
IcedID
530001e38045813d7276694c428b64b4dc5a15b77f2b3cc757f64b8d34bcf815
IcedID
6571b88739b154807adbbe7b8d3ff75543887405f066489fb773a2186b862132
IcedID
74c2d430eb964fbf5b3a1e37bb6f8770e571ef8998f71d945a479bba4a42d2cc
IcedID
9c2b9591aa625e3dd4d8eae345b24e331bf731c9d5fa6455ac8e79bd6ec5d0d0
IcedID
9f8ff8da154960d17a3225675a85372e7a70aca93df8bdfb887eb22c16b4dfe3
IcedID
a95efda438fdee4b4866287c2cfe9d89772a46c5d9d22377c8c63e43b2c93295
IcedID
b5399025d73dfb850df68017dfa81ce5f83bd9eeb7db056fffeca55ad3bcea65
IcedID
c91847b9b00dddebd4f694412f2cc4c7346c15aa3cda2da856d9b0860a17ec50
IcedID
d67e1fd5d40e841c1aedbbf65d5f72a69da5ac54e48ae92da1f428c9f18d8363
IcedID
+ 326 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200917-g363fv4tqn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4df39fd80257e14192e2d2edc4500883edd7921e0be92d664ec4b995d8f82f24

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/63052/

Comments