MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a7176a246d4d5108c1d9efcff7ae86e3c95345379e53226175968ec306a3c47. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IcedID

Vendor detections: 6

SHA256 hash: 2a7176a246d4d5108c1d9efcff7ae86e3c95345379e53226175968ec306a3c47
SHA3-384 hash: f4a4af4b0eba56a5b2ebbb40a011c8d0b42499885fc6cc7e862d1500b4cf6c043f345327af7bc6ff5261576a84f7ae03
SHA1 hash: 82bcb16cc38ea71308a637cc3139fe7bafc372e3
MD5 hash: f7328efb62d3f3590ca010c77770b83f
humanhash: table-virginia-fish-venus
File name: lagbed.dll
Signature: IcedID
File size: 670'835 bytes
First seen: 2022-12-22 22:48:03 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 536b28da1fb7df0821d82dad883235e3 (1 x IcedID)
ssdeep: 6144:vd3FV0RqEVNg5AmdlXSvCCtvb23AqmLtvw7V6F4mqT1Ci1TwRe50qEh+zsOijTRm:13UmjXaLu7GkXTw05nmZfRR8CF38
Threatray: 1'276 similar samples on MalwareBazaar
TLSH: T138E49E07E9B353B9C8A9C0744EE761317B32B9288220AD67A74CE6303F53F24569B75D
TrID:
  44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
  21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
  8.7% (.ICL) Windows Icons Library (generic) (2059/9)
  8.5% (.EXE) OS/2 Executable (generic) (2029/13)
  8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter: 604Kuzushi
Tags: exe IcedID

Intelligence

File Origin
# of uploads: 1
# of downloads: 236
Origin country: CA

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: lagbed.dll
Verdict: Suspicious activity
Analysis date: 2022-12-22 22:49:17 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Clean
Maliciousness:

Behaviour
Launching a process
Searching for the window
DNS request
Gathering data

Result
Verdict: UNKNOWN

Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: clean
Classification: n/a
Score: 4 / 100

Behaviour
Behavior Graph: n/a

Threat name: Win64.Trojan.IcedID
Status: Malicious
First seen: 2022-12-22 22:49:06 UTC
File Type: PE+ (Dll)
AV detection: 8 of 26 (30.77%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Suspicious use of WriteProcessMemory
Program crash

Verdict: Informative
Tags: n/a
YARA: n/a
Unpacked files
SHA256 hash: 2a7176a246d4d5108c1d9efcff7ae86e3c95345379e53226175968ec306a3c47
MD5 hash: f7328efb62d3f3590ca010c77770b83f
SHA1 hash: 82bcb16cc38ea71308a637cc3139fe7bafc372e3

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: SPLCrypt
Author: James Quinn, Binary Defense
Description: Identifies SPLCrypt, a new crypter associated with Bazaloader

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments

IC commented on 2022-12-22 22:48:53 UTC

Via https://wwww-slack.top/downloads/windows/