MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa09c9ab2f3fc8d3c6541cb835769792d6bc041ba5aa1d04a22be1608791ad9e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IcedID

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	fa09c9ab2f3fc8d3c6541cb835769792d6bc041ba5aa1d04a22be1608791ad9e
SHA3-384 hash:	36c15c60a0cb092763cd1409905b04345b45665b69359606f7d4e6bca933736db0137c59d6393a418afd7502378e39c3
SHA1 hash:	778a0fd8c2b307ad1aba4a66fadef2ff3306d5d0
MD5 hash:	5120008536c0de7bf6030f10377ec8c0
humanhash:	nevada-kentucky-india-crazy
File name:	SecuriteInfo.com.Trojan.GenericKD.34222957.15631.17502
Download:	download sample
Signature	IcedID Create hunting rule
File size:	404'480 bytes
First seen:	2020-08-01 19:34:49 UTC
Last seen:	2020-08-02 07:34:23 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	615cf2e278e0fbf3be9691e085d86dad (2 x ZLoader, 1 x IcedID)
ssdeep	6144:VhLHWQznGP/YR2rCnft7BdI7vHFtpuqVtT/C9KxwlfCokKYmT8SNhXDZi5121jYN:/WQznGYX1dIbHF5V09TlfDTthXc5M1j
TLSH	46845A0A7F04A4ABF697193D8E94F1F80E463C31AB5562F73AC05F4B76671473898A2C
Reporter	SecuriteInfoCom
Tags:	IcedID

Intelligence

File Origin

# of uploads :

# of downloads :

125

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/37082/

Detection(s):

SecuriteInfo.com.Win32.GenKryptik.EOOM.19081.UNOFFICIAL

PUA.Win.Downloader.Aiis-6803892-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Creating a window

Result

Threat name:

Unknown

Detection:

suspicious

Classification:

n/a

Score:

22 / 100

Link:

https://www.joesandbox.com/analysis/406918

Signature

Behaviour

Behavior Graph:

Download SVG

Detection:

zloader

Link:

https://mwdb.cert.pl/sample/fa09c9ab2f3fc8d3c6541cb835769792d6bc041ba5aa1d04a22be1608791ad9e/

Threat name:

Win32.Trojan.ZLoader

Status:

Malicious

First seen:

2020-07-23 01:59:38 UTC

AV detection:

18 of 28 (64.29%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=7ie4tkzph7enhrsuds4dk5uxslllyba3uwvb2bfcfpqwbb4rvwpa._file

Verdict:

unknown

Result

Malware family:

zloader

Score:

10/10

Tags:

trojan botnet family:zloader

Link:

https://tria.ge/reports/200801-yxa2qg44dx/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetThreadContext

Suspicious use of NtCreateUserProcessOtherParentProcess

Zloader, Terdot, DELoader, ZeusSphinx

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

IcedID

DLL dll fa09c9ab2f3fc8d3c6541cb835769792d6bc041ba5aa1d04a22be1608791ad9e

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/417903/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/37082/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample