MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f42b5acdb0f61b1c030a75692200c43a707b3bf40394271e1adc7ebbb98ee1db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: f42b5acdb0f61b1c030a75692200c43a707b3bf40394271e1adc7ebbb98ee1db
SHA3-384 hash: 6b24680ebdec825b58145cc483eac22a16f60459068fa48c194033ff04465d70380aa0605489a958150c301bf3c7227f
SHA1 hash: 6b994050872b5565daaa65e063076fd3ed0afc38
MD5 hash: 654fdcfb7334c24fff5452d60a67083c
humanhash: arkansas-sixteen-jig-autumn
File name: SecuriteInfo.com.Trojan.IcedID.27.20373.18749
Signature: IcedID
File size: 61'555 bytes
First seen: 2020-08-01 19:36:38 UTC
Last seen: 2020-08-02 07:33:04 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 251a47f1d9f865f7e179d16cc207e1c8
ssdeep: 768:Wz9hFlHgzZfE+wlv/qVb0+ANbkBSnXtuCsaro7Hcg1:Wz9hFlDNFNuDCa7Hcg1
TLSH: 15535B0126505473D067CAB189FB0738D97ABCA30B189AC792985CACA437ED1BE7335E
Reporter: @SecuriteInfoCom
Tags: IcedID

Intelligence


File Origin
# of uploads: 2
# of downloads: 77
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Changing a file
DNS request
Sending a custom TCP request
Sending a UDP request
Result
Threat name: IcedID
Detection: malicious
Classification: troj.evad
Score: 52 / 100
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Yara detected IcedID
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.IcedID
Status: Malicious
First seen: 2020-07-24 18:44:07 UTC
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Modifies system certificate store
Suspicious use of SetWindowsHookEx

Yara Signatures


Rule name: Cobalt_functions
Author: @j0sm1
Description: Detect functions coded with ROR edi,D; Detect CobaltStrike used by different APT groups

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: IcedID
File: Executable exe f42b5acdb0f61b1c030a75692200c43a707b3bf40394271e1adc7ebbb98ee1db (this sample)
Delivery method: Distributed via web download

Comments