MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff6353b97df24c70f01f79c12c29d597c8fdf84675fa4ccae6994c5e8e9798cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: ff6353b97df24c70f01f79c12c29d597c8fdf84675fa4ccae6994c5e8e9798cf
SHA3-384 hash: 421974493ce9a7f809294c5431b893a7192fbc40bc875426bbfed1e5218981e7885a229670265ee98098162453de66e4
SHA1 hash: 3d7f5484ec822ea8f9dd021f4e4f18fa08dfc562
MD5 hash: fa0ac95c9e929f9a1933877c05be4a60
humanhash: sierra-bacon-mango-cat
File name: iceix_1.2.6.0.vir
Signature: ZeuS
File size: 514'560 bytes
First seen: 2020-07-19 19:49:54 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0ebb3c09b06b1666d307952e824c8697
ssdeep: 12288:OufT67Cqw9dSlIFYsobg8vsUfr3GjWlkw:OY67Cq/aYa8k03blk
TLSH: C0B4121216E0967AE0E637B150FA1673223EBCE01B7C93FF124946D95CA22D16A7532F
Reporter: @tildedennis
Tags: iceix


Twitter (@tildedennis): iceix version 1.2.6.0

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 32
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name: ZeusVM
Detection: malicious
Classification: bank.troj.adwa.evad
Score: 100 / 100
Threat name: Win32.Trojan.Zbot
Status: Malicious
First seen: 2015-07-21 00:17:00 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: upx persistence
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Checks whether UAC is enabled
Suspicious use of SetThreadContext
Adds Run key to start application
Executes dropped EXE
UPX packed file
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments