MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ba1e5eee3a0264e8ff37c37e28f7d37d02ec4fe7ba21a1c643e0d978289888c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8ba1e5eee3a0264e8ff37c37e28f7d37d02ec4fe7ba21a1c643e0d978289888c
SHA3-384 hash: bc0d821ec0c397998344a193af6a24c53270475b093b04c32d730f312358e3f3b75972c27df16dcbc91e0e15bf7efb12
SHA1 hash: 461f2c52dde58f401089e15c41bb66369a972de5
MD5 hash: 89b3aee211253205a4076bd11ab673e0
humanhash: artist-bacon-bulldog-south
File name:89b3aee211253205a4076bd11ab673e0.dll
Download: download sample
Signature IcedID
Create hunting rule
File size:6'058'496 bytes
First seen:2021-02-24 18:28:46 UTC
Last seen:2021-02-24 20:47:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 785058123e019a66da91a0acae2731fe (1 x IcedID)
ssdeep 98304:pjo92PjWVnB15lwf6H7fIUEIaFmQg7ncsAln26K8JD4uYUQj7nYhDr:Ggucs7fuIaHGctl26K8uuYUa7nYh/
Threatray 3 similar samples on MalwareBazaar
TLSH A556F1E96144375CC41AC574D423BA14B3B2540E1BEBA5EF71DB3BE06B9B4F19A32B02
Reporter abuse_ch
Tags:dll IcedID

Intelligence

File Origin
# of uploads :
2
# of downloads :
174
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
89b3aee211253205a4076bd11ab673e0.dll
Verdict:
No threats detected
Analysis date:
2021-02-24 18:43:03 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/bdbfd0c9-8cce-4fa4-8942-9c743bb3fdcb

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/119063/
Detection(s):
SecuriteInfo.com.Variant.Bulz.362300.6266.3380.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/617220
Signature
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
System process connects to network (likely due to code injection or exploit)
Tries to detect virtualization through RDTSC time measurements
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8ba1e5eee3a0264e8ff37c37e28f7d37d02ec4fe7ba21a1c643e0d978289888c/
Threat name:
Win64.Trojan.Ligooc
Create hunting rule
Status:
Malicious
First seen:
2021-02-24 18:29:11 UTC
AV detection:
13 of 29 (44.83%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
2ace0be70434934b6e140f679a0c1551dd589abedfb1f6abeb5ceffaf0a1b9d9
IcedID
81d14d241a35f52dae782c57784168f5295776984eb55d9f88f9f0cf12e67f72
IcedID
c5597c29f2c4b319d151a62e448202f3af45b2edd28d95513f44badd3292623c
IcedID
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210224-4key6llean/
Behaviour
Suspicious behavior: EnumeratesProcesses
Unpacked files
SH256 hash:
8ba1e5eee3a0264e8ff37c37e28f7d37d02ec4fe7ba21a1c643e0d978289888c
MD5 hash:
89b3aee211253205a4076bd11ab673e0
SHA1 hash:
461f2c52dde58f401089e15c41bb66369a972de5
Link:
https://www.unpac.me/results/ecf0a9d3-e8ae-4f2f-ba5e-4fd90f65bfa3/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

IcedID

Executable exe 8ba1e5eee3a0264e8ff37c37e28f7d37d02ec4fe7ba21a1c643e0d978289888c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1027555/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1027604/
Cape
Cape
https://www.capesandbox.com/analysis/119063/

Comments