MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f974fc781325113d7c24d37a7d778cd0d841ff9702f5d37612b4666a6607de13. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f974fc781325113d7c24d37a7d778cd0d841ff9702f5d37612b4666a6607de13
SHA3-384 hash: ebf83c422c84535bbd5beeb93ec11194b4236b9cd3b907d12f51e8407bd609c94101a39050cf1aed362ccb9ea1dd2e84
SHA1 hash: 19245eba301dd4d13e145171c518845ba25c7c89
MD5 hash: 5ead791dd71faffc37a9677ebb10e252
humanhash: beer-oregon-oklahoma-apart
File name:liut18
Download: download sample
Signature IcedID
Create hunting rule
File size:355'840 bytes
First seen:2020-07-30 15:13:42 UTC
Last seen:2020-07-30 15:46:31 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 8b9db6a8971f1f6955399a095f4baa4b (5 x IcedID)
ssdeep 6144:3iPezNVfjCMoEeHqHY2C4MlKNWsxCbVX31CQV9kfY:7N5CMoEeHqO4ZfxCbVH1fHQY
TLSH 0F744B01B7918034F4BF06F479BEA2A9553D7DE05B7484CB53C42AEE9A35AE0AD30B17
Reporter JAMESWT_WT
Tags:IcedID

Intelligence

File Origin
# of uploads :
2
# of downloads :
127
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/35602/
Detection(s):
PUA.Win.Packer.PrivateExeProte-11
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/404132
Signature
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f974fc781325113d7c24d37a7d778cd0d841ff9702f5d37612b4666a6607de13/
Threat name:
Win32.Worm.Cridex
Create hunting rule
Status:
Malicious
First seen:
2020-07-30 15:15:06 UTC
File Type:
PE (Dll)
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7f2py6ateuit27be2n5h254m2dmed74xal25g5qswrtguzqh3yjq._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200730-ka6tkfplqn/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f974fc781325113d7c24d37a7d778cd0d841ff9702f5d37612b4666a6607de13

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/35602/

Comments