MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a09d8c487a135b973af532247d62f46695a53f37add6c66e561f1c14650290f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a09d8c487a135b973af532247d62f46695a53f37add6c66e561f1c14650290f5
SHA3-384 hash: c41b2a95209b353aae445a3c45d8d4bcfb66a1518d8e24fa4b7bd16327ca0a10a32adf0213b04474a69227268c05c32d
SHA1 hash: 540f3ba581d2f0a4004da108ff20fb7a5c0b708c
MD5 hash: c33bd283a36d34b8de1826585e564530
humanhash: helium-glucose-venus-fifteen
File name:Maaywuku2.dll
Download: download sample
Signature IcedID
Create hunting rule
File size:125'952 bytes
First seen:2020-11-13 22:02:47 UTC
Last seen:2024-07-24 19:44:54 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash d073c44d6ffc37d97bdaa1c33a644c15 (3 x IcedID)
ssdeep 3072:KraX0zF2V7yfDyrKQiQ+QWUR++882w8kQ6ls0:KraX0RY76OBRtQpUC
Threatray 655 similar samples on MalwareBazaar
TLSH 45C37C4071E085B0F2AF0A3E0466DA054BBEBD61DE789DFB3BC4158B4A751C16E32B63
Reporter malware_traffic
Tags:dll IcedID


Avatar
malware_traffic
run method: Regsvr32.exe /s [filename]

Intelligence

File Origin
# of uploads :
2
# of downloads :
265
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
DNS request
Sending a custom TCP request
Connection attempt
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/534251
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a09d8c487a135b973af532247d62f46695a53f37add6c66e561f1c14650290f5/
Threat name:
Win32.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2020-11-14 02:21:37 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ucoyysd2cnnzooxvgish2yxum2k2kpzxvxlmm3swd4obizicsd2q._file
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
3dfb74874b9c0b32b66ce96a97170fc430fed51a7cfdbf361e6c4febe2935e5d
IcedID
5bc0e27e86d9a4d5e7005669c12b97b56a42ac17fb5cc93de24f38527b5e97e1
IcedID
818076cbf3b8323b674d476b2862b3495cddcc13ef957f5bd9ec7f18bd436791
IcedID
a24c5d4c11f1d46b03ae1539df341c7247e1f8809b27a3b873449a1be218bd1e
IcedID
ba4253b54cb921073ad49e34cf931ca6f1bcdd79a53366f36240d42b7f132ccb
IcedID
c034a9d379bc04593523f38b2e78ee67007c0f5cc89422087a9dcb25705d5282
IcedID
d25e3a7ed538968e9b78367cd8f8d20f8f55471a1eb27aae2774272fc8c1c1ce
IcedID
dc376b4c1d4acbdd5101df5d51bac34cc147b6fd499d741bc68145016fb3c574
IcedID
e75612b515f036b54d63ed2efa45afc9b167b78116d65a77b1f0fa69674ed51f
IcedID
f56ea10521a52f78bedbf51c0bbdf9c894e473a73f1da8d388afc85b4c95f727
IcedID
+ 645 additional samples on MalwareBazaar
Result
Malware family:
icedid
Create hunting rule
Score:
  10/10
Tags:
family:icedid banker trojan
Link:
https://tria.ge/reports/201113-qcc3gsjg6x/
Behaviour
Suspicious use of WriteProcessMemory
Blacklisted process makes network request
IcedID Core Payload
IcedID, BokBot
Unpacked files
SH256 hash:
a09d8c487a135b973af532247d62f46695a53f37add6c66e561f1c14650290f5
MD5 hash:
c33bd283a36d34b8de1826585e564530
SHA1 hash:
540f3ba581d2f0a4004da108ff20fb7a5c0b708c
Link:
https://www.unpac.me/results/bc74aa37-1185-42fc-ab86-4c3b0ca65f9c/
SH256 hash:
f3d07d7e7b5c8daa92afa0c9a1377a6abbf9d78ed2aff057d5f567c068648ad2
MD5 hash:
42b725fe140898e569d856f63ef5edc7
SHA1 hash:
640a918c3685ae4b025bf9cd6aa3fe8a6ab1b5d2
Link:
https://www.unpac.me/results/bc74aa37-1185-42fc-ab86-4c3b0ca65f9c/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:crime_win32_banker_iceid_ldr1
Create hunting rule
Author:@VK_Intel
Description:Detects IcedId/BokBot png loader (unpacked)
Reference:twitter

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments