MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ddcf95d87542f2df67aff8941fcd92c71cc704698b00923791e21285f82bb01a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ddcf95d87542f2df67aff8941fcd92c71cc704698b00923791e21285f82bb01a
SHA3-384 hash: de955f5aadc3071dd04bb137110a48efab62b42165aedbf5fd39c31903b01115a48841f68973abfe6bada9d469840c13
SHA1 hash: 9138d0f35ab8adb1c4c53fed1c0ef42b3fc36a80
MD5 hash: 37fbb57b3513c6e9417718292a68b8ed
humanhash: finch-cat-neptune-nitrogen
File name:VSMecyU.dll
Download: download sample
Signature IcedID
Create hunting rule
File size:134'656 bytes
First seen:2020-11-13 21:43:34 UTC
Last seen:2024-07-24 22:11:32 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 14a49883c83ac5c80b38772e4632181d (3 x IcedID)
ssdeep 3072:Dm47Fjg3bql2O94QDQt+QC+uFkoQzJDw8URT:TTl2JTC7EZUR
Threatray 840 similar samples on MalwareBazaar
TLSH B5D38C0232909475F2BF1BFD04668A1147BEBCA1DFB099C7BBD4295EAA361C05E31B53
Reporter malware_traffic
Tags:dll IcedID


Avatar
malware_traffic
Run method: rundll32.exe [filename],DllRegisterServers

Intelligence

File Origin
# of uploads :
3
# of downloads :
248
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Mikey.116711.18809.19595.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Creating a window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/534261
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ddcf95d87542f2df67aff8941fcd92c71cc704698b00923791e21285f82bb01a/
Threat name:
Win32.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2020-11-14 02:10:12 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
33d4b93f27fa6d5f68443a35b0640269b3f6a1cfd8e0015361e462bc369b0133
IcedID
4d00dd3d606e59496069e836b1c4466d5a11a1a03c2207947f64e4442099657a
IcedID
50b55b6f0ece35b30db3ceac5a06c37a39141d4419dac0c2b08cb6fd4de15dcb
IcedID
54a1ff16fd63ead406eec7b18303d4998ff43c078dc8c4257d6ba593a3e3b24d
IcedID
79d585b28d8211b54994c24243d7051ca849e2104d1aa08b50584ef36b359d59
IcedID
b25c8c35e0e2a69aa6b02ffd44e3117a4a103b626ea85ea77771ff35efd9449b
IcedID
b5399025d73dfb850df68017dfa81ce5f83bd9eeb7db056fffeca55ad3bcea65
IcedID
e78cec26b2161c90b29869ab28fe59fc8224de56dc231cb7164bfbb043642f87
IcedID
ecfe29ac7905d40cd43e79c1ade25e12c3d01827a49f4a6a7abbea2b65eae839
IcedID
f48c86c1b8852dbbc17c494a64641769a6e37bbcb5a185f120a017b1f183b278
IcedID
+ 830 additional samples on MalwareBazaar
Result
Malware family:
icedid
Create hunting rule
Score:
  10/10
Tags:
family:icedid banker trojan
Link:
https://tria.ge/reports/201113-a3avslaeds/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Blacklisted process makes network request
IcedID, BokBot
Unpacked files
SH256 hash:
ddcf95d87542f2df67aff8941fcd92c71cc704698b00923791e21285f82bb01a
MD5 hash:
37fbb57b3513c6e9417718292a68b8ed
SHA1 hash:
9138d0f35ab8adb1c4c53fed1c0ef42b3fc36a80
Link:
https://www.unpac.me/results/88191baa-7400-4f3b-92e2-8b216fbcc322/
SH256 hash:
846b23847f1091f9d686cbfd858b198267b25e88bd585139a4bf8b460b6852a0
MD5 hash:
1dc46f5b12a6eaacf27f08dcaed28978
SHA1 hash:
8efc1edb38a471e4ae21640a1eb7839776a4c68c
Link:
https://www.unpac.me/results/88191baa-7400-4f3b-92e2-8b216fbcc322/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:IcedID
Create hunting rule
Author:kevoreilly
Description:IcedID Payload
Rule name:IcedIDStage1
Create hunting rule
Author:kevoreilly
Description:IcedID Payload

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments