MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9e63320c3a3c14847155de9abdbbf38e44866500402d8985312d92f149df23b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f9e63320c3a3c14847155de9abdbbf38e44866500402d8985312d92f149df23b
SHA3-384 hash: 4247caf21eb6f0091034087334a51d8814f93cb180abc660b512de08276743f8be67d5e79b76913c99a9e5abf350cb6d
SHA1 hash: 7034bce7274bcab3c19cde332f8174f37ee58aef
MD5 hash: ab7ab5789e21ead82a0998b9817f77e7
humanhash: uncle-bakerloo-tennis-winter
File name:~5174078.exe
Download: download sample
Signature IcedID
Create hunting rule
File size:257'024 bytes
First seen:2020-07-21 21:05:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5f530eee01ca77a2e0476befabe95cb4 (2 x IcedID)
ssdeep 6144:6FbkG56j9jt5KpQX5HtybVus9g5ZbRZAOaEt+wG:wbkG5attMpQpNQus9g5ZzgEkwG
Threatray 902 similar samples on MalwareBazaar
TLSH 3E447C0175C2C4B2D6721A30057DEB654BBCBD600AA4DEAF63D8316E4FB75C09636EB2
Reporter malware_traffic
Tags:exe IcedID

Intelligence

File Origin
# of uploads :
1
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/30438/
Detection(s):
SecuriteInfo.com.Gen.NN.ZexaF.34136.pu0@aWFXyWbi.11320.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Detection:
icedid
Create hunting rule
Link:
https://mwdb.cert.pl/sample/f9e63320c3a3c14847155de9abdbbf38e44866500402d8985312d92f149df23b/
Threat name:
Win32.Trojan.Zenpak
Create hunting rule
Status:
Malicious
First seen:
2020-07-21 21:06:07 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
gozi
Create hunting rule
icedid
Create hunting rule
Similar samples:
485ce80c6972762a04ff59597bdd71381688c73750e1dddae91ad33e8e6f01b8
IcedID
58215823021c2da84fcf725bbb9b118aba9b72178577cba1d4c69545b9ae7fa2
IcedID
5bc0e27e86d9a4d5e7005669c12b97b56a42ac17fb5cc93de24f38527b5e97e1
IcedID
75195784a153205aad34eea77c000358081fd1e1c8abab6e532b2ae8e983c44b
IcedID
8ce3415cbd2d4a9345a47b937a7af1eec4388d0e673ce7c701df043105b5134f
IcedID
9ad02a119c0df3fb652557b2b5c3136a3fb7f80e78774f1bffd5237eb2d9a514
IcedID
d197285f37378d669afe2da7d3c60dcb93c118acf0d059d14ca67dcd73708ed2
IcedID
d748a00416baf3e4e5bf0a4e8312cd9c88872a6ab594628d7ff6d206e6705322
IcedID
e3be616e258172d4596cd61cbb6ec39b6e7aa0cf8138793783e21a4b6ab4c038
IcedID
fd9ed4c7107c4fb86d348d13f7e6c3b6c23e6c12084adc45ddfef4bc2ef2fbaf
IcedID
+ 892 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware
Link:
https://tria.ge/reports/200721-49z9lts8an/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Gathers system information
Runs net.exe
Discovers systems in the same network
Gathers network information
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Deletes itself
Loads dropped DLL
Reads user/profile data of web browsers
Deletes itself
Reads user/profile data of web browsers
Loads dropped DLL
Blacklisted process makes network request
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f9e63320c3a3c14847155de9abdbbf38e44866500402d8985312d92f149df23b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/30438/

Comments