MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 818076cbf3b8323b674d476b2862b3495cddcc13ef957f5bd9ec7f18bd436791. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 818076cbf3b8323b674d476b2862b3495cddcc13ef957f5bd9ec7f18bd436791
SHA3-384 hash: ced5ab6decc36602c3f10ace82e1e1d9e6724e514089bef27788b58d348d7ee66b38b7b1776ff300838cf837636fe412
SHA1 hash: 0afc8e4d74e6c767352caceb7e2744c34e330286
MD5 hash: 636a5ab924c9625c852637b0c6a5161f
humanhash: zebra-queen-ack-harry
File name:goibjitt1.dll
Download: download sample
Signature IcedID
Create hunting rule
File size:125'952 bytes
First seen:2020-11-12 00:12:44 UTC
Last seen:2024-07-24 18:09:00 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash d073c44d6ffc37d97bdaa1c33a644c15 (3 x IcedID)
ssdeep 3072:LraX0zF2V7yfDyrCQiQ+QWUR++882w8kQ6ls0:LraX0RY76OJRtQpUC
Threatray 648 similar samples on MalwareBazaar
TLSH F9C37C4071E185B0F2AF0A3E0466DA054BBEBD61DE789DFB3BC4154B4A752C16E32B63
Reporter malware_traffic
Tags:dll IcedID


Avatar
malware_traffic
run method: regsvr32.exe /s [filename]

Intelligence

File Origin
# of uploads :
3
# of downloads :
183
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BScope.TrojanSpy.Ursnif.24525.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
DNS request
Sending a custom TCP request
Connection attempt
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/531065
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/818076cbf3b8323b674d476b2862b3495cddcc13ef957f5bd9ec7f18bd436791/
Threat name:
Win32.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2020-11-12 00:29:08 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
3dfb74874b9c0b32b66ce96a97170fc430fed51a7cfdbf361e6c4febe2935e5d
IcedID
485ce80c6972762a04ff59597bdd71381688c73750e1dddae91ad33e8e6f01b8
IcedID
5bc0e27e86d9a4d5e7005669c12b97b56a42ac17fb5cc93de24f38527b5e97e1
IcedID
a24c5d4c11f1d46b03ae1539df341c7247e1f8809b27a3b873449a1be218bd1e
IcedID
ba4253b54cb921073ad49e34cf931ca6f1bcdd79a53366f36240d42b7f132ccb
IcedID
c034a9d379bc04593523f38b2e78ee67007c0f5cc89422087a9dcb25705d5282
IcedID
d25e3a7ed538968e9b78367cd8f8d20f8f55471a1eb27aae2774272fc8c1c1ce
IcedID
dc376b4c1d4acbdd5101df5d51bac34cc147b6fd499d741bc68145016fb3c574
IcedID
e75612b515f036b54d63ed2efa45afc9b167b78116d65a77b1f0fa69674ed51f
IcedID
f56ea10521a52f78bedbf51c0bbdf9c894e473a73f1da8d388afc85b4c95f727
IcedID
+ 638 additional samples on MalwareBazaar
Result
Malware family:
icedid
Create hunting rule
Score:
  10/10
Tags:
family:icedid banker trojan
Link:
https://tria.ge/reports/201112-2y71yy2skj/
Behaviour
Suspicious use of WriteProcessMemory
Blacklisted process makes network request
IcedID Core Payload
IcedID, BokBot
Unpacked files
SH256 hash:
daf2355866ae99654d952a0a8819dd12fbdc83f8b98f5d781181f063c908d5b7
MD5 hash:
e207326f1214b35ec6a4b4474f104bf9
SHA1 hash:
f6ff0e97c19bc1c4e2fd0b6ca936960f480b2a41
Link:
https://www.unpac.me/results/74c1b447-cf72-4e53-b038-0e2163f7187e/
SH256 hash:
818076cbf3b8323b674d476b2862b3495cddcc13ef957f5bd9ec7f18bd436791
MD5 hash:
636a5ab924c9625c852637b0c6a5161f
SHA1 hash:
0afc8e4d74e6c767352caceb7e2744c34e330286
Link:
https://www.unpac.me/results/74c1b447-cf72-4e53-b038-0e2163f7187e/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:crime_win32_banker_iceid_ldr1
Create hunting rule
Author:@VK_Intel
Description:Detects IcedId/BokBot png loader (unpacked)
Reference:twitter

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments