MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a9f651747ef040972d25a7f039a4853c9ed151ad252380e1e75af32ddc4ece82. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry: IcedID

Vendor detections: 6



SHA256 hash: a9f651747ef040972d25a7f039a4853c9ed151ad252380e1e75af32ddc4ece82
SHA3-384 hash: 7d69dba975670cc88ea38be09d6a6d1bb974ffde3aabfd4d173cdd7bd4d5fd604390a7c69a4bd32afb76a780a0a50bdc
SHA1 hash: a59746c16223fa4524d78e32ebe9f50e11e7382d
MD5 hash: 8ce080d4d3f62e18b7a837d24f1c16ae
humanhash: cat-lithium-steak-rugby
File name: ~370531.dll
Signature: IcedID
File size: 188,416 bytes
First seen: 2020-11-18 03:32:19 UTC
Last seen: 2020-11-19 05:40:28 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: d10caff375872bd139551935d00b7f46 (1 x IcedID)
ssdeep: 3072:27p8xZ+y4T/xsuPQWanFQ0YE58xhmZuvlCeOP:5E/+uo3FxQmZutk
Threatray: 67 similar samples on MalwareBazaar
TLSH: 8104AE0131C5C17AE55F063E4466C63562AE78114FF896C7BFD98E8F8B362D7AA32342
Reporter: malware_traffic
Tags: dll, IcedID
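As an added example, not code from MalwareBazaar or from any of the vendors quoted in the entry, the script below recomputes the four cryptographic digests listed above for a local file and reports which of them match this entry, and performs the minimal MZ/PE-signature check behind the "Windows PE Executable" verdict in the Intelligence section. It uses only the Python standard library; imphash, ssdeep and TLSH need third-party libraries and are not reproduced. The function and constant names are the example's own, and the embedded CONSTRUCTED_PE bytes are a constructed stand-in, not the sample from this entry.

```python
import hashlib
from typing import Dict, Set

# Digests copied verbatim from the MalwareBazaar entry above.
MALWAREBAZAAR_IOCS = {
    "sha256": "a9f651747ef040972d25a7f039a4853c9ed151ad252380e1e75af32ddc4ece82",
    "sha3_384": "7d69dba975670cc88ea38be09d6a6d1bb974ffde3aabfd4d173cdd7bd4d5fd604390a7c69a4bd32afb76a780a0a50bdc",
    "sha1": "a59746c16223fa4524d78e32ebe9f50e11e7382d",
    "md5": "8ce080d4d3f62e18b7a837d24f1c16ae",
}


def fingerprint(data: bytes) -> Dict[str, str]:
    """Compute the four digests MalwareBazaar lists for a sample held in memory."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def fingerprint_file(path: str) -> Dict[str, str]:
    """Stream a file through all four hashes so large samples need not fit in memory."""
    hashers = {
        "sha256": hashlib.sha256(),
        "sha3_384": hashlib.sha3_384(),
        "sha1": hashlib.sha1(),
        "md5": hashlib.md5(),
    }
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_algorithms(fp: Dict[str, str], iocs: Dict[str, str]) -> Set[str]:
    """Algorithms whose digest of the sample equals the listed IOC (hex compared case-insensitively)."""
    return {
        alg for alg, value in iocs.items()
        if alg in fp and fp[alg].lower() == value.strip().lower()
    }


def is_pe(data: bytes) -> bool:
    """Minimal PE check: 'MZ' DOS header, e_lfanew at offset 0x3C, 'PE\\0\\0' at that offset."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


# Constructed stand-in (NOT the sample from the entry): a 0x48-byte blob whose
# DOS header points e_lfanew at a PE signature placed at offset 0x40.
CONSTRUCTED_PE = (
    b"MZ" + b"\x00" * 0x3A            # DOS header up to e_lfanew (offset 0x3C)
    + (0x40).to_bytes(4, "little")    # e_lfanew = 0x40
    + b"PE\x00\x00"                   # PE signature
    + b"\x00" * 4                     # padding so the blob is longer than the signature
)


def triage(data: bytes, iocs: Dict[str, str] = MALWAREBAZAAR_IOCS) -> Dict[str, object]:
    """PE check plus digest comparison against the entry's IOCs, for an in-memory blob."""
    fp = fingerprint(data)
    return {
        "is_pe": is_pe(data),
        "hashes": fp,
        "matched": sorted(matching_algorithms(fp, iocs)),
    }


if __name__ == "__main__":
    import json
    import sys

    if len(sys.argv) > 1:
        fp = fingerprint_file(sys.argv[1])
        print(json.dumps({"hashes": fp,
                          "matched": sorted(matching_algorithms(fp, MALWAREBAZAAR_IOCS))}, indent=2))
    else:
        print(json.dumps(triage(CONSTRUCTED_PE), indent=2))
```

Run it with a path argument to fingerprint a real file; with no argument it triages the constructed blob, which is a valid PE header but matches none of the entry's digests. A match on SHA256 or SHA3-384 identifies the same bytes; MD5 and SHA1 are listed for lookup convenience and should not be the sole basis for a positive match. Mismatching on all four says only that this exact file is not the uploaded sample, not that it is clean, which is also the caveat the page itself states.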

Intelligence


File Origin
# of uploads: 3
# of downloads: 183
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour:
- Sending a UDP request

Result
Verdict: SUSPICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 64 / 100
Signature:
- Antivirus detection for URL or domain
- Contains functionality to detect hardware virtualization (CPUID execution measurement)
- System process connects to network (likely due to code injection or exploit)
- Tries to detect virtualization through RDTSC time measurements
Result
Threat name: Win32.Trojan.IcedID
Status: Malicious
First seen: 2020-11-18 03:33:03 UTC
AV detection: 21 of 28 (75.00%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:icedid banker trojan
Behaviour:
- Suspicious use of WriteProcessMemory
- Blacklisted process makes network request
IcedID Core Payload
IcedID, BokBot

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments