MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55bc7ae7ab1017eb75387291424a67b9655d52e9357005caacbbb997dada592c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55bc7ae7ab1017eb75387291424a67b9655d52e9357005caacbbb997dada592c
SHA3-384 hash: 8f0473dd567710b69a9b2f13a334551bdbb35d25c5e2c7392f1b658f0b9e47961862e5f30ea89ee4c49c76692439d455
SHA1 hash: 77d0781343f02cf5636f6be94e37b1cd61975275
MD5 hash: 2f9f7be08b17f2cdcaabc4c7dae6c9bd
humanhash: diet-leopard-arkansas-four
File name:fuzo12.bin
Download: download sample
Signature IcedID
Create hunting rule
File size:216'576 bytes
First seen:2020-09-17 21:27:03 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash d26d819c9035c795a5bbe4bce9b3d935 (12 x IcedID)
ssdeep 6144:6ZLwAyyWMa3NIBkL6LDW8dTZdw702edvxiuYOO6umz4:6ZLwAyyHadIBkLIi8dTL2SvguYOO1mk
Threatray 132 similar samples on MalwareBazaar
TLSH 0924AE117940C0B2D1EE1A385478DABA427DB9644FF588EFA7D8073E5E342C26B34E67
Reporter malware_traffic
Tags:dll IcedID Shathak TA551

Intelligence

File Origin
# of uploads :
1
# of downloads :
171
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/63056/
Detection(s):
SecuriteInfo.com.Trojan.IcedID.30.28549.12949.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
DNS request
Sending a custom TCP request
Sending a UDP request
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/469575
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 287211 Sample: fuzo12.bin Startdate: 17/09/2020 Architecture: WINDOWS Score: 68 45 Multi AV Scanner detection for submitted file 2->45 47 Yara detected IcedID 2->47 7 loaddll32.exe 1 2->7         started        process3 process4 9 rundll32.exe 7->9         started        13 rundll32.exe 7->13         started        15 rundll32.exe 7->15         started        17 3 other processes 7->17 dnsIp5 31 104.244.42.195, 443, 49749 TWITTERUS United States 9->31 33 www.intel.com 9->33 43 3 other IPs or domains 9->43 49 System process connects to network (likely due to code injection or exploit) 9->49 51 Contains functionality to detect hardware virtualization (CPUID execution measurement) 9->51 19 WerFault.exe 20 9 9->19         started        21 WerFault.exe 9->21         started        35 s.twitter.com 104.244.42.67, 443, 49737 TWITTERUS United States 13->35 37 help.twitter.com 13->37 39 help.twitter.com 15->39 23 WerFault.exe 9 15->23         started        41 help.twitter.com 17->41 25 WerFault.exe 9 17->25         started        27 WerFault.exe 17->27         started        29 WerFault.exe 17->29         started        signatures6 process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/55bc7ae7ab1017eb75387291424a67b9655d52e9357005caacbbb997dada592c/
Threat name:
Win32.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2020-09-17 21:28:06 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kw6hvz5lcal6w5jyokiuesthxfsv2uxjgvyalsvmxo4zpww2lewa._file
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
23be804db20cb450cf53fc82143ac34b9e741035c511af3e5c9880e7b3a70b3a
IcedID
530001e38045813d7276694c428b64b4dc5a15b77f2b3cc757f64b8d34bcf815
IcedID
6571b88739b154807adbbe7b8d3ff75543887405f066489fb773a2186b862132
IcedID
74c2d430eb964fbf5b3a1e37bb6f8770e571ef8998f71d945a479bba4a42d2cc
IcedID
9c2b9591aa625e3dd4d8eae345b24e331bf731c9d5fa6455ac8e79bd6ec5d0d0
IcedID
9f8ff8da154960d17a3225675a85372e7a70aca93df8bdfb887eb22c16b4dfe3
IcedID
a95efda438fdee4b4866287c2cfe9d89772a46c5d9d22377c8c63e43b2c93295
IcedID
ab08d113bb0f4fb6aa96997d03853aac162f93d8e6926de224186ab35255f310
IcedID
c91847b9b00dddebd4f694412f2cc4c7346c15aa3cda2da856d9b0860a17ec50
IcedID
d67e1fd5d40e841c1aedbbf65d5f72a69da5ac54e48ae92da1f428c9f18d8363
IcedID
+ 122 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200917-tberlgqsk2/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/55bc7ae7ab1017eb75387291424a67b9655d52e9357005caacbbb997dada592c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/63056/

Comments