MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a81aa093f5b1278af943f7b47498e2b3847394187e19a66b3bd5e6a302dc9e38. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IcedID
Vendor detections: 4

SHA256 hash: a81aa093f5b1278af943f7b47498e2b3847394187e19a66b3bd5e6a302dc9e38
SHA3-384 hash: d45c1afb0533159048fe5f7561f965bd715f457f3aedd207852ef43ceeee9f22c2ae5dd51dcee70c579829764238db76
SHA1 hash: 6a2d1dddc1f936f8e189d728061608c37a9c64d6
MD5 hash: 0f186c754456968713564296063cd9cc
humanhash: item-fillet-speaker-stairway
File name: SecuriteInfo.com.Gen.NN.ZedlaF.34136.iy8@aK6Xubki.15788
Signature: IcedID
File size: 144'384 bytes
First seen: 2020-07-15 18:44:09 UTC
Last seen: Never
File type: DLL (dll)
MIME type: application/x-dosexec
imphash: 01e959959a9d2aa736034c1c52b0b2ae (2 x IcedID, 1 x Gozi)
ssdeep: 3072:59f/ubcISGW7qyrIvTH2u38RCQzF+K2WWaIrExRMJd:5I4J57ZrIrWu38fp2WUFJd
Threatray: 1'132 similar samples on MalwareBazaar
TLSH: 81E3AF017A81D472E6BF1D390974E675073D3D20EBA48EAB77C42A7A5E700D0AE35E27
Reporter: SecuriteInfoCom
Tags: IcedID

Intelligence

File Origin
# of uploads: 1
# of downloads: 104
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour:
DNS request
Sending a custom TCP request

Result
Threat name: Win32.Trojan.IcedID
Status: Malicious
First seen: 2020-07-15 18:46:05 UTC
AV detection: 19 of 28 (67.86%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
Blacklisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments