MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1111af153084f468c5d36ffcab28670c7a9b8212fc080b7fbe85fe7807d6e95. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c1111af153084f468c5d36ffcab28670c7a9b8212fc080b7fbe85fe7807d6e95
SHA3-384 hash: 51ad4d1bad4f3240e4667a9e9ca938a5f153903947e12e951533df152ec042273257253cec54e875d78ed595c16c59f1
SHA1 hash: 0950ee95d1735645fcc0d84a6b02177e00edabe3
MD5 hash: 8a1cab6e71c263c5f6bfe90cd8bdab0d
humanhash: jersey-music-dakota-pasta
File name:WSGaRIW.dll
Download: download sample
Signature IcedID
Create hunting rule
File size:143'360 bytes
First seen:2020-11-18 03:32:37 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 5806f179e13c919d78296de597bc5844 (2 x IcedID)
ssdeep 3072:w61vFQyQwYqq0+eLVDU118is6huqwV3Vv90X59r3h:wGopeBD5Z3V4X59r3
Threatray 519 similar samples on MalwareBazaar
TLSH 50E3AF0131D0C17AD50B523E84A2C265A3EABD215FF661C73BEA1EBF5F632815776382
Reporter malware_traffic
Tags:dll IcedID

Intelligence

File Origin
# of uploads :
1
# of downloads :
170
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/540173
Signature
System process connects to network (likely due to code injection or exploit)
Tries to detect virtualization through RDTSC time measurements
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c1111af153084f468c5d36ffcab28670c7a9b8212fc080b7fbe85fe7807d6e95/
Threat name:
Win32.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2020-11-18 03:33:04 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
121494579fe7d4be119875fa31aa8b573911a797d528e1819d42373e5380bf18
IcedID
23e672e1c94cc4dc6af971fc62c0ec84c3bcf38e997acd9bea1bea72d707e46a
IcedID
3957edd82568c0a36a640bcf97ac6c2c8a594007702641c9879799ca6173247e
IcedID
63d55128088857806534c494ecb3f451354b1601a09ee3485300881c286351b7
IcedID
75a7cb73ca0e01413462b0ec15317c855bc24bec0850324b97eb72c4fd429313
IcedID
aee6295dab6fd012e5bd1ee352317e56bef5789e2e83e7d5cc743161cedd957b
IcedID
df63a9a56f4a68d159e7aaa9067e3c8be8cb3c2af583d087835b7d147f0903b1
IcedID
ecaca9ae95e94dbc976c80721085e6fc8ae36d47e905d784fcc3d178275d9de0
IcedID
f58d50deb7d8017efa4d9a4c772b1c400f1d8f2ad31b7bd8efdaaf6d11d70233
IcedID
f785ed5227ef3772947c15ba47992a8f36cce03cf7a6f31e3334af2050c59e18
IcedID
+ 509 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/201118-k8cfl6gz5n/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Blacklisted process makes network request
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments