MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70e1d2fba60a7d20e531b09ff328fef21b82bb7e87d78a48f964d82c7dd2680f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 70e1d2fba60a7d20e531b09ff328fef21b82bb7e87d78a48f964d82c7dd2680f
SHA3-384 hash: a403d69db12007f81df665549d7861950080760f0dfef86be871db0c6e5dc40bb881d61162477309960303c40479799f
SHA1 hash: 04a3fdf64b80099623856bc5bef35af2fa55601c
MD5 hash: a5fb8563ce0eced343a7b9a3b4a6d915
humanhash: floor-connecticut-solar-october
File name:iceix_1.1.5.0.vir
Download: download sample
Signature ZeuS
File size:259'584 bytes
First seen:2020-07-19 19:50:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e58ab46f2a279ded0846d81bf0fa21f7
ssdeep 6144:UxXwNJIG3YmgtpwknC4SY0fnJBA0+9FsEpkKBFa:/13YmgtznQnJpADR3a
TLSH E24412F3C71195CAE91EDE7954B68F520AB1EB39D281132239C8EB6B78333121439E57
Reporter @tildedennis
Tags:iceix ZeuS


Twitter
@tildedennis
iceix version 1.1.5.0

Intelligence


File Origin
# of uploads :
1
# of downloads :
44
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name:
Win32.Trojan.Bredo
Status:
Malicious
First seen:
2011-10-14 21:01:00 UTC
AV detection:
29 of 31 (93.55%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Behaviour
UPX packed file
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments