MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 015326f4d50aadc7642ed6043c8e451e208dfb0c57b1389a8a9994c74a30dd37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 015326f4d50aadc7642ed6043c8e451e208dfb0c57b1389a8a9994c74a30dd37
SHA3-384 hash: 5ce4e1a2a95eda82f1c84e81e5142f14e50e5958781b7a9f7b93936ce7651f05f6dffaf759ad35f90f3158eb346fb752
SHA1 hash: f6cff28fcda4239d35bdb11f3d0d1ead273a5d6e
MD5 hash: 77d0d73564f14e1cb23f57be1ab973b7
humanhash: double-kilo-california-spaghetti
File name:textins.dll
Download: download sample
Signature IcedID
Create hunting rule
File size:402'944 bytes
First seen:2022-05-28 16:02:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:n49cfWTcALiwCeWu2E5u0v1qR/B8r5g1h:n4xQtLuZ5x14w
Threatray 219 similar samples on MalwareBazaar
TLSH T17D84BFB8B6142CE6E67E067BD9D67CE913B627628D8BF8CD4064B7C30563371EE06805
TrID 33.6% (.EXE) OS/2 Executable (generic) (2029/13)
33.1% (.EXE) Generic Win/DOS Executable (2002/3)
33.1% (.EXE) DOS Executable Generic (2000/1)
Reporter pr0xylife
Tags:exe IcedID

Intelligence

File Origin
# of uploads :
1
# of downloads :
348
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
textins.dll
Verdict:
No threats detected
Analysis date:
2022-05-28 16:03:37 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/52deeae9-bf29-482e-ad9f-2b65d1b83482

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/275172/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/629247b9945ebb7eb180144f/reports/ad204966-6763-477a-90cf-c9542db58567/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/3ef93930-2889-4f45-b77f-38e4896a9ad4
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1003146
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 635639 Sample: textins.dll Startdate: 29/05/2022 Architecture: WINDOWS Score: 48 19 Multi AV Scanner detection for submitted file 2->19 7 loaddll64.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 rundll32.exe 7->11         started        13 rundll32.exe 7->13         started        15 6 other processes 7->15 process5 17 rundll32.exe 9->17         started       
Gathering data
Threat name:
Win64.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2022-05-28 16:03:05 UTC
File Type:
PE+ (Dll)
Extracted files:
1
AV detection:
19 of 26 (73.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=afjsn5gvbkw4ozbo2ycdzdsfdyqi36ymk6ytrguktgkmosrq3u3q._file
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
0581f0bf260a11a5662d58b99a82ec756c9365613833bce8f102ec1235a7d4f7
IcedID
1e3ee4ca3cb45b8065bb17e744fa1ed235b0679add09bfea4bdefede04a70822
IcedID
3dfe63d2c9a7e2f848d2f92171cc577158318b4e9cb62e74ec603be84ba13109
IcedID
4b312a119321503383fbf9aaf65659046656096a7551d5a581f5cbb0055493c3
IcedID
5489565de27542c38fe51eb89e917945b510d87656eec7430fab93811f628145
IcedID
670790c8b4649865ef391bac63417c00ffbaa203c5df36d6c9720832b0949dcb
IcedID
9eea56f945cc00c5216b3250326f8b79d3d2cac5165b250b606729e72bd2647c
IcedID
cf21f09e90068f885e6f13009f71847bba6b0d8170515ce0f4b82da22de1012b
IcedID
+ 209 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220528-thbymachf7/
Unpacked files
SH256 hash:
015326f4d50aadc7642ed6043c8e451e208dfb0c57b1389a8a9994c74a30dd37
MD5 hash:
77d0d73564f14e1cb23f57be1ab973b7
SHA1 hash:
f6cff28fcda4239d35bdb11f3d0d1ead273a5d6e
Link:
https://www.unpac.me/results/b4316510-688d-4e07-96ff-edda7ab64b6b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/015326f4d50aadc7642ed6043c8e451e208dfb0c57b1389a8a9994c74a30dd37

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SPLCrypt
Create hunting rule
Author:James Quinn, Binary Defense
Description:Identifies SPLCrypt, a new crypter associated with Bazaloader

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/275172/

Comments