MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b5ee8bde9bf943f32d713d4554e7c6f60e316f9ca6c259ea90c758f59a0b3774. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IcedID

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	b5ee8bde9bf943f32d713d4554e7c6f60e316f9ca6c259ea90c758f59a0b3774
SHA3-384 hash:	d0437757249b4ed05fb21f0bd808d6ae21d9da0f9ff6ffceef646e0d81b464f4315d34e750fc5ae7f930de0461741046
SHA1 hash:	6561aa938448968e51a727bd71c32ea04e4d2df4
MD5 hash:	5c7546b17874364b5854640e6cda5ac8
humanhash:	tennis-oregon-bulldog-cola
File name:	rubi8.dll
Download:	download sample
Signature	IcedID Create hunting rule
File size:	339'456 bytes
First seen:	2020-08-04 01:16:07 UTC
Last seen:	2020-08-04 11:34:30 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	32ce59bcbbe1bc4b352210a02694fc76 (1 x IcedID)
ssdeep	6144:60HFhL9ANrm1onfaVTEm9IUHAOJC+uMQ0:60lhL9OrjnCCYO+V
Threatray	6 similar samples on MalwareBazaar
TLSH	84748D00B582D036F8BF057088BA85AA5A6C79610764E8D7A3D8197E5FBFDC16E30F17
Reporter	Jirehlov
Tags:	dll IcedID

Intelligence

File Origin

# of uploads :

3

# of downloads :

118

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/38122/

Detection(s):

PUA.Win.Downloader.Aiis-6803892-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Result

Threat name:

IcedID

Detection:

malicious

Classification:

troj.evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/408542

Signature

Contains functionality to detect hardware virtualization (CPUID execution measurement)

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

System process connects to network (likely due to code injection or exploit)

Yara detected IcedID

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b5ee8bde9bf943f32d713d4554e7c6f60e316f9ca6c259ea90c758f59a0b3774/

Threat name:

Win32.Trojan.IcedID

Status:

Malicious

First seen:

2020-08-03 15:41:00 UTC

File Type:

PE (Dll)

AV detection:

19 of 28 (67.86%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=wxxixxu37fb7gllrhvcvjz6g6yhdc344u3bft2uqy5mplgqlg52a._file

Verdict:

suspicious

Similar samples:

220692447db8ec5fd227350ebd196656fcaf427ddbf8eb1c5c8a9193ae5fb5f2

2d50a390d2dc0af303ccd045e4c4a65304f05e69dc43370d79beee54e2f156b2

346b977e05b99881c7ec168c2fa0b68f84ec633d764eb52dd9795e372f45b1b4

34fd926b213a1c5726124dff74dbf69c731f8e823168d17cc1c9448501ed314f

70b4713e481a3df6610b652da34bb4a5d831ee8fc5166682e5c95a3e3da76d87

bd328175e9126a917184da2c0131e04f7b47aa80764541f4a46f315f4afedabc

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/200804-n5bdtmaxrn/

Behaviour

Suspicious use of WriteProcessMemory

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Program crash

Blacklisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Valak

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b5ee8bde9bf943f32d713d4554e7c6f60e316f9ca6c259ea90c758f59a0b3774

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/38122/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample