MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b50e3c91db5e8b987b78a9d207e09726bebfed5cc482c8790d89db7ffb446c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IcedID

Vendor detections: 4

SHA256 hash: 2b50e3c91db5e8b987b78a9d207e09726bebfed5cc482c8790d89db7ffb446c6
SHA3-384 hash: 08523d9ecfe5ee6334fb437958840e77a3ab37dc382bc4a28ab57327abb37f36042092e55d9543f103ba47edece1bc3a
SHA1 hash: 1e62004c06acbb47f05e5f127b1aa3c9589ec5a4
MD5 hash: e99b6159d02d4005c0e045e65be682a9
humanhash: oscar-alanine-mars-oven
File name: e99b6159d02d4005c0e045e65be682a9.dll
Signature: IcedID
File size: 72'704 bytes
First seen: 2022-01-12 10:48:51 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f30f2b5b65c947eccbf132b668fe3257 (43 x BazaLoader, 12 x IcedID)
ssdeep: 768:23CqXrwWgmv0Wf7Ynr6fvZMK+o9jCqreJnAiDZ2e/yyv8943rZEYl3pKthpOFx:qXUWL17YnM+o9jTlkA6jU9mrZ9l3gh0
TLSH: T1E9637C5762A602B5C196D1BC82AB7B32C37DF110AB0063CF1B3485EA4F733D29E79965
Reporter: abuse_ch
Tags: dll exe IcedID

Intelligence

File Origin
# of uploads: 1
# of downloads: 294
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: e99b6159d02d4005c0e045e65be682a9.dll
Verdict: No threats detected
Analysis date: 2022-01-12 10:58:11 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.

Result
Verdict: Clean
Maliciousness:
Behaviour
Searching for the window
DNS request
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: suspicious
Classification: n/a
Score: 22 / 100
Signature
Sigma detected: Suspicious Call by Ordinal
Behaviour
Behavior Graph (ID 551639; sample 76NvazYbjW.dll; start date 12/01/2022; architecture WINDOWS; score 22):
  Sigma detected: Suspicious Call by Ordinal
  loaddll64.exe
    cmd.exe
      rundll32.exe
    rundll32.exe
    rundll32.exe
    rundll32.exe
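The Sigma hit above, "Suspicious Call by Ordinal", fires when rundll32.exe is handed a DLL export by ordinal number (the `,#1` form) instead of by name, which is how loaders commonly invoke an IcedID DLL. The following Python is an added example, not code from MalwareBazaar or from any of the sandboxes quoted on this page: it applies that detection logic to a set of constructed process-creation events modelled on the loaddll64.exe -> cmd.exe -> rundll32.exe chain in the graph, and walks the parent links back up so an analyst sees the full chain. The DLL path, PIDs and command lines are assumptions; only the file name 76NvazYbjW.dll comes from the report.

```python
"""Flag rundll32.exe invocations that load a DLL export by ordinal.

Added example (not MalwareBazaar's or any vendor's code). It mirrors the
logic behind the "Suspicious Call by Ordinal" Sigma hit on this sample:
Image ends with \\rundll32.exe and the command line contains ",#<n>".
All events below are constructed; PIDs, paths and command lines are assumed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# An export referenced by ordinal looks like  x.dll,#1  or  x.dll, #12
ORDINAL_RE = re.compile(r",\s*#\d+\b")


@dataclass
class ProcEvent:
    """Minimal process-creation record (Sysmon EID 1 / Security 4688 style)."""
    pid: int
    ppid: int
    image: str      # full path of the created process
    cmdline: str    # its command line


def is_rundll32(image: str) -> bool:
    """True when the created process image is rundll32.exe (case-insensitive)."""
    return image.lower().endswith("\\rundll32.exe")


def detect_ordinal_calls(events: List[ProcEvent]) -> List[ProcEvent]:
    """Return the events where rundll32.exe is given an export by ordinal."""
    return [e for e in events if is_rundll32(e.image) and ORDINAL_RE.search(e.cmdline)]


def ancestry(events: List[ProcEvent], pid: int) -> List[str]:
    """Follow ppid links upward and return the image basenames, child first."""
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    chain: List[str] = []
    seen = set()
    while pid in by_pid and pid not in seen:   # 'seen' guards against PID-reuse loops
        seen.add(pid)
        ev = by_pid[pid]
        chain.append(ev.image.rsplit("\\", 1)[-1])
        pid = ev.ppid
    return chain


# Assumed drop path; only the file name 76NvazYbjW.dll appears in the sandbox report.
DLL = r"C:\Users\user\Desktop\76NvazYbjW.dll"

# Constructed events modelled on the report's process tree:
# loaddll64.exe -> cmd.exe -> rundll32.exe, plus rundll32.exe children of loaddll64.exe.
SAMPLE_EVENTS = [
    ProcEvent(4000, 1,    r"C:\Windows\explorer.exe",           "explorer.exe"),
    ProcEvent(4100, 4000, r"C:\Windows\System32\loaddll64.exe", f'loaddll64.exe "{DLL}"'),
    ProcEvent(4200, 4100, r"C:\Windows\System32\cmd.exe",       f'cmd.exe /C rundll32.exe "{DLL}",#1'),
    ProcEvent(4300, 4200, r"C:\Windows\System32\rundll32.exe",  f'rundll32.exe "{DLL}",#1'),
    ProcEvent(4400, 4100, r"C:\Windows\System32\rundll32.exe",  f'rundll32.exe "{DLL}",PluginInit'),
    # Benign control: a named export in a Windows DLL, never flagged.
    ProcEvent(4500, 4000, r"C:\Windows\System32\rundll32.exe",  "rundll32.exe shell32.dll,Control_RunDLL"),
]


if __name__ == "__main__":
    for hit in detect_ordinal_calls(SAMPLE_EVENTS):
        print(f"pid {hit.pid}: {hit.cmdline}")
        print("   chain:", " <- ".join(ancestry(SAMPLE_EVENTS, hit.pid)))
```

Only the rundll32.exe child of cmd.exe is flagged. The cmd.exe event carries the same `,#1` in its command line but is not matched because the check keys on the created image; a hunt that matches on CommandLine alone would return both, which is more complete but noisier. Named exports (PluginInit, Control_RunDLL) are deliberately left alone, and a production rule would add exclusions for legitimate Windows components that do load by ordinal.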
Result
Malware family:
Score: 10/10
Tags: family:icedid campaign:480946516 banker suricata trojan
Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Loads dropped DLL
Blocklisted process makes network request
IcedID, BokBot
Process spawned unexpected child process
suricata: ET MALWARE Win32/IcedID Request Cookie
Malware Config
C2 Extraction: olerantand.top
Unpacked files
SHA256 hash: 2b50e3c91db5e8b987b78a9d207e09726bebfed5cc482c8790d89db7ffb446c6
MD5 hash: e99b6159d02d4005c0e045e65be682a9
SHA1 hash: 1e62004c06acbb47f05e5f127b1aa3c9589ec5a4
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
IcedID | Executable exe | 2b50e3c91db5e8b987b78a9d207e09726bebfed5cc482c8790d89db7ffb446c6 (this sample)

Comments