MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50165bf93643c3ee448eb480217442f19567918b7ea98722bb404e7fea558a2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 50165bf93643c3ee448eb480217442f19567918b7ea98722bb404e7fea558a2b
SHA3-384 hash: 7e4c8e4ba0c017f02614ea0b06a39677f990200952aef18a2e1e4385970880c86e8e538139decdce6576e4a3b7cc5ac6
SHA1 hash: 5bd12244ddb2e6fde14bc67a66ef8d287e37a0d1
MD5 hash: eda4e741af2c0316ee18ad2651059d92
humanhash: romeo-blue-nevada-steak
File name:3.dll
Download: download sample
Signature IcedID
Create hunting rule
File size:582'656 bytes
First seen:2022-02-10 10:44:20 UTC
Last seen:2022-02-10 13:05:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f4c262deab2a9043eb129fac228e0360 (1 x IcedID)
ssdeep 12288:3WegyebFvz+mILoUeAICSvNk8nsTJiOXmkZdmTC3:Ge/Evz1IL7+zNkVAOBZiC3
Threatray 26 similar samples on MalwareBazaar
TLSH T141C4C025277405B5F037943C88738906E7727C61177096EBA3A5732A5F3BFE0963AB22
Reporter madjack_red
Tags:exe IcedID

Intelligence

File Origin
# of uploads :
2
# of downloads :
376
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/240612/
Detection(s):
SecuriteInfo.com.Ransom.Win64.Emotet.luheur.5778.1803.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file
Searching for synchronization primitives
Launching a service
Sending a custom TCP request
DNS request
Sending an HTTP GET request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
control.exe emotet greyware packed
Link:
https://www.filescan.io/uploads/6204ecb336f99219183729fe/reports/92bfd2a5-6e0d-49b7-bc6f-cb7f67ae58b0/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/8cfe3917-d984-4305-9673-3ccd263c5b0a
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/937567
Signature
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 570046 Sample: 3.dll Startdate: 10/02/2022 Architecture: WINDOWS Score: 68 20 cleverballs.com 2->20 22 Multi AV Scanner detection for domain / URL 2->22 24 Multi AV Scanner detection for submitted file 2->24 26 Yara detected IcedID 2->26 28 Sigma detected: Suspicious Call by Ordinal 2->28 8 loaddll64.exe 1 2->8         started        signatures3 process4 process5 10 cmd.exe 1 8->10         started        12 rundll32.exe 8->12         started        14 rundll32.exe 8->14         started        16 2 other processes 8->16 process6 18 rundll32.exe 10->18         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/50165bf93643c3ee448eb480217442f19567918b7ea98722bb404e7fea558a2b/
Threat name:
Win64.Trojan.IcedID
Create hunting rule
Status:
Suspicious
First seen:
2022-02-10 10:45:10 UTC
File Type:
PE+ (Dll)
Extracted files:
9
AV detection:
13 of 28 (46.43%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
326240f8452d146c9296987a3d8e0e030e8284b5b2282dd18e8edb24cfc5f738
IcedID
437593520bc826331731c5f879a4f2f85720801e6eefb6a9f8180711630b56dd
IcedID
4b4ef74c5e07471f8b5d379723d468e378798a49ba5446a71be1b135cae4bf07
IcedID
6e46958960f575bfdc14a3da83de4249ab3f23f834aec3d2b5ca8891f9c91bc8
IcedID
9a09137e28cc0e5af606db45d95f1fb46e1024129eb065e2d854c7aecda82ba0
IcedID
a0b8e020ff671176da99897f3cfa35be9206e46e3d7215603aa09b091ef4db57
IcedID
b8d794f6449669ff2d11bc635490d9efdd1f4e92fcb3be5cdb4b40e4470c0982
IcedID
cf004c6d421b104f80c2076b2ae28f27c065da7e61317364c0daef85d4ac7136
IcedID
e1e9e84a24abaa8658d8715d32e21ed51f1c548123155f4c88bbc8722eecbfbd
IcedID
f4b871a9b2e0b43dd82576d80d178048c95d62876bc8c832f5d874f74e830336
IcedID
+ 16 additional samples on MalwareBazaar
Result
Malware family:
icedid
Create hunting rule
Score:
  10/10
Tags:
family:icedid campaign:3825802847 banker suricata trojan
Link:
https://tria.ge/reports/220210-mteekaghgk/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
IcedID, BokBot
suricata: ET MALWARE Win32/IcedID Request Cookie
Unpacked files
SH256 hash:
50165bf93643c3ee448eb480217442f19567918b7ea98722bb404e7fea558a2b
MD5 hash:
eda4e741af2c0316ee18ad2651059d92
SHA1 hash:
5bd12244ddb2e6fde14bc67a66ef8d287e37a0d1
Link:
https://www.unpac.me/results/ad9c6629-f4dd-474c-b88c-c179782b776f/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/240612/

Comments