MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df0b5d6ca7ba81e22d98e1f4dafe4d222ce496c31299e4189d8d773d9b70d6ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: df0b5d6ca7ba81e22d98e1f4dafe4d222ce496c31299e4189d8d773d9b70d6ec
SHA1 hash: 3c112035583e43c268e09db9993e2f4625167989
MD5 hash: 3b82f69f02e87b41cb2f59b5ffa83143
File name: ~6981343.exe
Signature: IcedID
File size: 208'896 bytes
First seen: 2020-05-23 00:39:05 UTC
Last seen: 2020-05-23 01:45:43 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 5d80857374b49e1f7fbd71ef02d96b77
ssdeep: 3072:ZJBeETvF3THd0gojWGr9UeofzrgYIfDLMdaj1fE5ol1QNH14uHWJt:jBtNBNoqet3uMj1sBH9
TLSH: 34140A113AA880B2CDD3E97C6E9557B6F171BC018E7B458BFF92EB4D38712169E12213
Reporter: @malware_traffic


Mail intelligence: No data
# of uploads: 3
# of downloads: 28
Origin country: US
VirusTotal results: 8.33%
ReversingLabs: No data

Yara Signatures

Rule name: Cobalt_functions
Description: Detect functions coded with ROR edi,D; Detect CobaltStrike used by differents groups APT

File information

The table below shows additional information about this malware sample such as delivery method and external references.


Brad commented on 2020-05-23 00:45:32 UTC

IcedID (Bokbot) malware