MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99933acb9924e02af90c47a256c1aeef47b4b93ad787c0611a1722232ff96fa5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IcedID

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	99933acb9924e02af90c47a256c1aeef47b4b93ad787c0611a1722232ff96fa5
SHA3-384 hash:	0bdaad4d4274d66cb90a2fe87d51b51aa1c5c45d0aa3deb6a29cd9a85e555ef5a53bdfaa46aaa3455e04549964d99a43
SHA1 hash:	8235827e55ab1cb17cc8109883546ca9f6fd087c
MD5 hash:	a84c0ac1a65093654b58f8d792746e8b
humanhash:	mirror-single-maine-bacon
File name:	temp.tmp
Download:	download sample
Signature	IcedID Create hunting rule
File size:	458'032 bytes
First seen:	2020-10-15 00:39:21 UTC
Last seen:	2020-10-15 01:58:55 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	af234412c61f3039a095ae3e4a9a73d6 (6 x IcedID)
ssdeep	6144:fp8UAO6FESk1R9RI2YHGJ5/l1CDoJg3vtcRQYJHxaL8vdSA:fp8UBSY9mHGJ5/lwDFcGYJRBv9
Threatray	438 similar samples on MalwareBazaar
TLSH	92A45C01B6E18034F4F316F949BE52689B3D7EA01B2494DF52C12DED8A35EE0AD31B67
Reporter	malware_traffic
Tags:	dll IcedID Shathak TA551

Intelligence

File Origin

# of uploads :

# of downloads :

133

Origin country :

n/a

Vendor Threat Intelligence

Detection:

IcedID

Link:

https://www.capesandbox.com/analysis/71134/

Detection(s):

SecuriteInfo.com.ML.PE-A.1480.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Launching the default Windows debugger (dwwin.exe)

Result

Threat name:

Unknown

Detection:

clean

Classification:

n/a

Score:

5 / 100

Link:

https://www.joesandbox.com/analysis/491843

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/99933acb9924e02af90c47a256c1aeef47b4b93ad787c0611a1722232ff96fa5/

Threat name:

Win32.Trojan.IcedID

Status:

Malicious

First seen:

2020-10-15 00:41:05 UTC

AV detection:

20 of 29 (68.97%)

Threat level:

5/5

Verdict:

malicious

Label(s):

icedid

Result

Malware family:

icedid

Score:

10/10

Tags:

trojan banker family:icedid

Link:

https://tria.ge/reports/201015-q67zbdh8ne/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Program crash

Blacklisted process makes network request

IcedID First Stage Loader

IcedID, BokBot

Unpacked files

SH256 hash:

99933acb9924e02af90c47a256c1aeef47b4b93ad787c0611a1722232ff96fa5

MD5 hash:

a84c0ac1a65093654b58f8d792746e8b

SHA1 hash:

8235827e55ab1cb17cc8109883546ca9f6fd087c

Link:

https://www.unpac.me/results/2713e96b-9371-484f-ba55-c7355661c978/

SH256 hash:

311c4e858d8b4c6381e3be6aff578467b4542c89d7a5a4363c05f55d61d78a56

MD5 hash:

6eb1ff4f8254633ec036cff33e431d15

SHA1 hash:

c48ee9846f3bb4aee08ee82735c74677d67f1c45

Link:

https://www.unpac.me/results/2713e96b-9371-484f-ba55-c7355661c978/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Trojan

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/99933acb9924e02af90c47a256c1aeef47b4b93ad787c0611a1722232ff96fa5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/71134/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample