MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b97cc0d33b7a728206da8f7b3b46bdf383cab4999db18fb11bda86c4a16c6fa9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IcedID

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	b97cc0d33b7a728206da8f7b3b46bdf383cab4999db18fb11bda86c4a16c6fa9
SHA3-384 hash:	48fa5522caf52c2218e2a1a8e8000143c9a424b087bad54f9de9fb1c1b729aebb81ce6b50f162a6db69b6df18ecb67e2
SHA1 hash:	276b93b5a9a4d736ab00256f33fe3991bc772d8d
MD5 hash:	d966d5b7e8f66c536b2b8934e6231ba8
humanhash:	island-bulldog-lamp-mexico
File name:	IcedID
Download:	download sample
Signature	IcedID Create hunting rule
File size:	208'896 bytes
First seen:	2020-07-17 07:28:52 UTC
Last seen:	2020-07-17 08:41:04 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	efb1e2253352994f30845d88edeb93a7 (6 x IcedID)
ssdeep	3072:vWjpDfxpSlwNmpsfIe/WiST+6w1kYmovEIwMp56jhASRm:vWNbiuNmRUWZ1YmoBrKhDR
Threatray	723 similar samples on MalwareBazaar
TLSH	47148D013784D035D2BF46394938E668077EBD70CFA19A5BBBD88E4F5A78181BE21763
Reporter	JAMESWT_WT
Tags:	IcedID

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/27255/

Detection(s):

SecuriteInfo.com.Trojan.GenericKDZ.68762.20874.25873.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Sending an HTTP GET request

Launching the default Windows debugger (dwwin.exe)

Sending a TCP request to an infection source

Result

Threat name:

IcedID

Detection:

malicious

Classification:

troj

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/389008

Signature

Multi AV Scanner detection for submitted file

Yara detected IcedID

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b97cc0d33b7a728206da8f7b3b46bdf383cab4999db18fb11bda86c4a16c6fa9/

Threat name:

Win32.Trojan.IcedID

Status:

Malicious

First seen:

2020-07-17 04:14:25 UTC

File Type:

PE (Dll)

AV detection:

20 of 29 (68.97%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=xf6mbuz3pjziebw2r55twrv56ob4vneztwyy7mi33kdmjilmn6uq._file

Verdict:

malicious

Label(s):

icedid

gozi

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/200717-2lhp4qabpe/

Behaviour

Suspicious behavior: EnumeratesProcesses

Modifies system certificate store

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Blacklisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b97cc0d33b7a728206da8f7b3b46bdf383cab4999db18fb11bda86c4a16c6fa9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/27255/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample