MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0a4280ea1f844aa28c808c5931e3e245730b70d3c8d6ff8d5c13eaaa7115980. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e0a4280ea1f844aa28c808c5931e3e245730b70d3c8d6ff8d5c13eaaa7115980
SHA3-384 hash: ffa0032022c6b1a2cbbe6de566a8b7410dab1704334b124ed5d931c9f0d3be1330e9c0f02660f6b13d923ed27bc11597
SHA1 hash: 04ad076a8b088d40de4057ba95e23ed59f9925f3
MD5 hash: c0f80fcf06f37d482a9bbd2ff3a7de62
humanhash: stream-robert-xray-violet
File name:liut13.bin
Download: download sample
Signature IcedID
Create hunting rule
File size:176'128 bytes
First seen:2020-07-30 17:36:55 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 4aa163fad232bda6f6345e56c47550eb (22 x IcedID, 4 x Gozi)
ssdeep 3072:6KBCXLIOI4Bg6YJdC1ZxZgpARBk+ltNuVH:6wCCJA8sB3tg
Threatray 734 similar samples on MalwareBazaar
TLSH 22047C123690C072D6AA0B3D0473CB5173FBB5A1CF74A5C3BB952A8E5E627D09E39346
Reporter malware_traffic
Tags:dll IcedID Shathak TA551

Intelligence

File Origin
# of uploads :
1
# of downloads :
123
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Feodo
Create hunting rule
Link:
https://www.capesandbox.com/analysis/35682/
Detection(s):
SecuriteInfo.com.Generic.mg.c0f80fcf06f37d48.32358.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/404263
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Tries to detect virtualization through RDTSC time measurements
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e0a4280ea1f844aa28c808c5931e3e245730b70d3c8d6ff8d5c13eaaa7115980/
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-30 17:38:06 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4cscqdvb7bckukgibdczghr6erltbnynhsgw76gvye7kvjyrlgaa._file
Verdict:
malicious
Label(s):
icedid
Create hunting rule
gozi
Create hunting rule
Similar samples:
10541da23f1a6299fe00f9657b9dad7dae53c3091f39f1cfec03f30a93286168
IcedID
1f5672777a723b52064ff3876f7d582c524483a5205eb509a9aa6c5566fd4f71
IcedID
202e93ce45541da3971aebc5ec5027209ab9ce01cfd65e229ecf90d396b8201d
IcedID
26814ac4a62e9a9a3fe1059ba49709b161085cc3a1cbbdf5ee20beb742908083
IcedID
5e5d856ef6917165ca56dc2e356a25f7b86e902feb29d3570d84b2bd0b7d1529
IcedID
7d97f43bdac6a0420b701f622c164af9f6aed64cb5f3cdbdc3bc44088b0ac2d9
IcedID
97c5b7288083a6a65513aff8ef98a3b53c7509ef7eaf8b5f220ff908e4fe92bb
IcedID
9e7743f112f712bdd9d1658079701138fdb195d73957b894acf5017f63feac94
IcedID
b3a9d5d233d155daf54e2ef3e7694e3e1659c0465c34fe0043007fb6983cb32d
IcedID
da4e1bb6c651a569ee44eb2d2a37eaae7035a46d8281592b77666f0819fcf1c8
IcedID
+ 724 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200730-ecbraqbjfn/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Blacklisted process makes network request
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e0a4280ea1f844aa28c808c5931e3e245730b70d3c8d6ff8d5c13eaaa7115980

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/35682/

Comments