MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e333ee8df8edc262e5fe1c6c8bb448da22870204b2cbfff8a663571ca5cc4f0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IcedID

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	e333ee8df8edc262e5fe1c6c8bb448da22870204b2cbfff8a663571ca5cc4f0e
SHA3-384 hash:	041015465cb9f8131b4e922c0e559db1de3a9fe8d5227aabcd4a44276878b11de23f895b1a8144c8fc24c78b90236907
SHA1 hash:	44d4416cb37e53dfff0c8e7e587080e4555132aa
MD5 hash:	e56934ba1deb67aed02c8b51fe56a0d7
humanhash:	apart-single-texas-oranges
File name:	wymuq5cab
Download:	download sample
Signature	IcedID Create hunting rule
File size:	294'400 bytes
First seen:	2020-10-07 15:11:31 UTC
Last seen:	2020-10-07 16:09:29 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	cfe4fc9d8cfa0ffdbbc7bb24b2e57c8a (2 x IcedID)
ssdeep	6144:KjP/6SUwpx7imGaDjuzCVEunJMXwDHhQbAO9h08fC2j:KTzrTimGaDylunJMqqb/nfh
Threatray	383 similar samples on MalwareBazaar
TLSH	76549D11F982C0B2E4B206314478DB7247BDB9210FA5CEE7A394196D8EB76C09B35DF6
Reporter	JAMESWT_WT
Tags:	dll IcedID

Intelligence

File Origin

# of uploads :

# of downloads :

164

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/68979/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

DNS request

Sending a custom TCP request

Result

Threat name:

IcedID

Detection:

malicious

Classification:

troj.evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/484355

Signature

Contains functionality to detect hardware virtualization (CPUID execution measurement)

System process connects to network (likely due to code injection or exploit)

Tries to detect virtualization through RDTSC time measurements

Yara detected IcedID

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e333ee8df8edc262e5fe1c6c8bb448da22870204b2cbfff8a663571ca5cc4f0e/

Threat name:

Win32.Trojan.IcedID

Status:

Malicious

First seen:

2020-10-07 15:13:07 UTC

File Type:

PE (Dll)

AV detection:

21 of 29 (72.41%)

Threat level:

5/5

Verdict:

malicious

Label(s):

icedid

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/201007-ynckx58t22/

Behaviour

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Blacklisted process makes network request

Unpacked files

SH256 hash:

e333ee8df8edc262e5fe1c6c8bb448da22870204b2cbfff8a663571ca5cc4f0e

MD5 hash:

e56934ba1deb67aed02c8b51fe56a0d7

SHA1 hash:

44d4416cb37e53dfff0c8e7e587080e4555132aa

Link:

https://www.unpac.me/results/845b7c15-ba5d-4189-a961-2c59697d61f5/

SH256 hash:

313cc75b07446f95aeba59cba9d1db42f757b3d9a862893d93030c76cb093660

MD5 hash:

612a94f42c578943bdac8d871b5d5e4b

SHA1 hash:

fbc137439f41769fc178d91221b265412039441f

Link:

https://www.unpac.me/results/845b7c15-ba5d-4189-a961-2c59697d61f5/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

IcedID

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e333ee8df8edc262e5fe1c6c8bb448da22870204b2cbfff8a663571ca5cc4f0e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/68979/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample