MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa09c9ab2f3fc8d3c6541cb835769792d6bc041ba5aa1d04a22be1608791ad9e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: fa09c9ab2f3fc8d3c6541cb835769792d6bc041ba5aa1d04a22be1608791ad9e
SHA3-384 hash: 36c15c60a0cb092763cd1409905b04345b45665b69359606f7d4e6bca933736db0137c59d6393a418afd7502378e39c3
SHA1 hash: 778a0fd8c2b307ad1aba4a66fadef2ff3306d5d0
MD5 hash: 5120008536c0de7bf6030f10377ec8c0
humanhash: nevada-kentucky-india-crazy
File name: SecuriteInfo.com.Trojan.GenericKD.34222957.15631.17502
Signature: IcedID
File size: 404'480 bytes
First seen: 2020-08-01 19:34:49 UTC
Last seen: 2020-08-02 07:34:23 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 615cf2e278e0fbf3be9691e085d86dad
ssdeep: 6144:VhLHWQznGP/YR2rCnft7BdI7vHFtpuqVtT/C9KxwlfCokKYmT8SNhXDZi5121jYN:/WQznGYX1dIbHF5V09TlfDTthXc5M1j
TLSH: 46845A0A7F04A4ABF697193D8E94F1F80E463C31AB5562F73AC05F4B76671473898A2C
Reporter: @SecuriteInfoCom
Tags: IcedID

Intelligence


File Origin
# of uploads: 2
# of downloads: 71
Origin country: US

Mail intelligence
No data

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Creating a window

Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 22 / 100
Threat name: Win32.Trojan.ZLoader
Status: Malicious
First seen: 2020-07-23 01:59:38 UTC
AV detection: 22 of 31 (70.97%)
Threat level: 5/5

Result
Malware family: zloader
Score: 10/10
Tags: trojan botnet family:zloader

Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Suspicious use of NtCreateUserProcessOtherParentProcess
Zloader, Terdot, DELoader, ZeusSphinx

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: IcedID
File type: DLL
SHA256 hash: fa09c9ab2f3fc8d3c6541cb835769792d6bc041ba5aa1d04a22be1608791ad9e (this sample)

Delivery method
Distributed via web download

Comments