MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cccc59bb80ee4003e60632ef75835efe3a5ef2cdf762f6da95f5610f0647d3c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: cccc59bb80ee4003e60632ef75835efe3a5ef2cdf762f6da95f5610f0647d3c1
SHA3-384 hash: 3dd4b33669d89da73bb102a3577ca5b5158c6e63d240506c5c2d57c7593632fcaedc86f988ff2991c221000bbb2eb296
SHA1 hash: 43291b705edbe57d40ed0026757c4b2bd6f041df
MD5 hash: 55b08712979c9c95dc4891d70584fa57
humanhash: south-johnny-twelve-high
File name: ijuqca.dll
File size: 3'117'056 bytes
First seen: 2021-02-28 12:48:11 UTC
Last seen: 2021-02-28 14:54:10 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 29534b7037cd4726f1ea1f9461b4a42b
ssdeep: 49152:cIOzHH4TIUbrqctqymwoA0UzYiejSndb94d87v8HdUnlPHybsBATHnWBOZFo:MYTlbrqzyRF0UsiejSn5Wd289UdGTHW+
Threatray: 18 similar samples on MalwareBazaar
TLSH: 20E5F1EE21543758C41A88389437FE04F2B2166E07F5D4AE76CBBAD07B7F8259A01B47
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 3
# of downloads: 692
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: ijuqca.dll
Verdict: No threats detected
Analysis date: 2021-02-28 12:51:04 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 56 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
[Behavior graph, ID 359651. Sample: ijuqca.dll; start date: 28/02/2021; architecture: WINDOWS; score: 56. Signatures on the sample: Multi AV Scanner detection for submitted file; Machine Learning detection for sample. Process tree: loaddll64.exe started regsvr32.exe, rundll32.exe and cmd.exe; cmd.exe started iexplore.exe, which started a second iexplore.exe. Signature on regsvr32.exe: Tries to detect virtualization through RDTSC time measurements. The second iexplore.exe contacted tls13.taboola.map.fastly.net (151.101.1.44, port 443, FASTLYUS, United States), geolocation.onetrust.com (104.20.184.68, port 443, CLOUDFLARENETUS, United States) and 8 other IPs or domains.]
Threat name: Win64.Trojan.IcedID
Status: Malicious
First seen: 2021-02-26 05:55:20 UTC
File Type: PE+ (Dll)
AV detection: 25 of 48 (52.08%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: cccc59bb80ee4003e60632ef75835efe3a5ef2cdf762f6da95f5610f0647d3c1
MD5 hash: 55b08712979c9c95dc4891d70584fa57
SHA1 hash: 43291b705edbe57d40ed0026757c4b2bd6f041df
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments