MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b312a119321503383fbf9aaf65659046656096a7551d5a581f5cbb0055493c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 6


Intelligence 6 IOCs 1 YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4b312a119321503383fbf9aaf65659046656096a7551d5a581f5cbb0055493c3
SHA3-384 hash: 01c7b1e132f98aa91394dc76e9252ef86ee48f37498e15722624e37373b06ddb330eee8f74e8c0877d917bc46bd38b9c
SHA1 hash: e269fb48c2d776cb1d1475f0b7af862261d9d94b
MD5 hash: 369ba7ee68cc730c6c1506dce3b9b01d
humanhash: mockingbird-summer-april-autumn
File name:4b312a119321503383fbf9aaf65659046656096a7551d.dll
Download: download sample
Signature IcedID
Create hunting rule
File size:304'640 bytes
First seen:2022-05-26 17:23:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 6144:5iifM46ejmz5TTeVDIYlttmE9Q+nRPlOb+:RMGjCTTexRQORk
Threatray 212 similar samples on MalwareBazaar
TLSH T1DD54BFB8B2346CD6D66E4577C9D67CE92EA637628E8AF8CD80A477C30163731FD05824
TrID 33.6% (.EXE) OS/2 Executable (generic) (2029/13)
33.1% (.EXE) Generic Win/DOS Executable (2002/3)
33.1% (.EXE) DOS Executable Generic (2000/1)
Reporter abuse_ch
Tags:dll exe IcedID


Avatar
abuse_ch
IcedID C2:
uleoballs.com

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
uleoballs.com https://threatfox.abuse.ch/ioc/638268/

Intelligence

File Origin
# of uploads :
1
# of downloads :
334
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
4b312a119321503383fbf9aaf65659046656096a7551d.dll
Verdict:
No threats detected
Analysis date:
2022-05-26 17:25:41 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0e94147e-2d55-4cb1-9a17-bf5b941eb490

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/274802/
Detection(s):
SecuriteInfo.com.Behavior.Win32.DefenseEvasion.Aml.28223.8539.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/628fb7b46eb3ff326330d2c8/reports/2c4f2c82-9c0d-460b-9a89-17cdbf76b39f/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/c3f07110-9a77-4231-8f47-4ecd32c7405a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1002267
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 634763 Sample: 4b312a119321503383fbf9aaf65... Startdate: 26/05/2022 Architecture: WINDOWS Score: 48 19 Multi AV Scanner detection for submitted file 2->19 7 loaddll64.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 rundll32.exe 7->11         started        13 rundll32.exe 7->13         started        15 6 other processes 7->15 process5 17 rundll32.exe 9->17         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4b312a119321503383fbf9aaf65659046656096a7551d5a581f5cbb0055493c3/
Threat name:
Win64.Trojan.IcedID
Create hunting rule
Status:
Suspicious
First seen:
2022-05-25 17:36:00 UTC
File Type:
PE+ (Dll)
Extracted files:
1
AV detection:
7 of 26 (26.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jmysuemtefidha737gvpmvszartfmclkovi5ljmb6xf3abkuspbq._file
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
0581f0bf260a11a5662d58b99a82ec756c9365613833bce8f102ec1235a7d4f7
IcedID
08d30d6646117cd96320447042fb3857b4f82d80a92f31ee91b16044b87929c0
IcedID
0a497cdeb92189e1611c15669897de70e8aed2be2484346686252bea387abfa4
IcedID
2123ed9e1662ae4805361fb25f1389bcbbb096e0a975d98a133797481ed0ebcd
IcedID
3dfe63d2c9a7e2f848d2f92171cc577158318b4e9cb62e74ec603be84ba13109
IcedID
40ebe3926c1114a708fbffbbff9d34fa6949eaab418ea53d0d1eda830d1411bb
IcedID
9b4837e83ac014e497c6c62490dbd361d79f26a7441eb1c499aab4469006606c
IcedID
ed24c4f468bc20fe152badf719ad0b1596037e829ec8d02be2f0ec1c9760c3e8
IcedID
+ 202 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220526-vypp4adde3/
Unpacked files
SH256 hash:
4b312a119321503383fbf9aaf65659046656096a7551d5a581f5cbb0055493c3
MD5 hash:
369ba7ee68cc730c6c1506dce3b9b01d
SHA1 hash:
e269fb48c2d776cb1d1475f0b7af862261d9d94b
Link:
https://www.unpac.me/results/072c60c0-f052-4d7f-b4fc-9a90eb64bf3b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/4b312a119321503383fbf9aaf65659046656096a7551d5a581f5cbb0055493c3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SPLCrypt
Create hunting rule
Author:James Quinn, Binary Defense
Description:Identifies SPLCrypt, a new crypter associated with Bazaloader

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/274802/

Comments