MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a255c614308841566c702885af804849302b45c9331072bc43a53174530e0550. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


IcedID


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a255c614308841566c702885af804849302b45c9331072bc43a53174530e0550
SHA3-384 hash: 899db106015977542a9c6fada8643d98e0c32517be0125d6fe5b3cf4c6eba0a9b5238b2a7ad1d009cb90813c125a936b
SHA1 hash: e51bd61a1c22bceb3599095bf4568403d8488be0
MD5 hash: 560409119713237cb8008241f63a9d12
humanhash: mike-november-lion-papa
File name:vBLqYTvx.dll
Download: download sample
Signature IcedID
Create hunting rule
File size:55'808 bytes
First seen:2022-07-12 17:39:36 UTC
Last seen:2022-07-12 18:47:23 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 1536:RGwePy6+PeFJk9x0/sJZmbTk16AvNO+v38ZNItym:sy6+PeoJIWhNTvYqAm
Threatray 432 similar samples on MalwareBazaar
TLSH T16D439D71E98424DAD97E8076CB8678E7723177A58E9ADDCED034B9C31093F36EE19204
TrID 33.6% (.EXE) OS/2 Executable (generic) (2029/13)
33.1% (.EXE) Generic Win/DOS Executable (2002/3)
33.1% (.EXE) DOS Executable Generic (2000/1)
Reporter pr0xylife
Tags:exe IcedID

Intelligence

File Origin
# of uploads :
2
# of downloads :
362
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
vBLqYTvx.dll
Verdict:
No threats detected
Analysis date:
2022-07-12 17:41:51 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/860a58db-1318-4a48-b34f-67216acbe030

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/286647/
Detection(s):
SecuriteInfo.com.UDS.Trojan-Banker.Win32.IcedID.28171.8758.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Searching for the window
DNS request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/62cdb23181790e51fe5c4912/reports/dee6c59f-6f45-4428-ac13-0628ffe68819/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
IcedID
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/fa3f6d32-8cc4-41c6-8f1d-22a014ec585c
Result
Threat name:
IcedID
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1029633
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
System process connects to network (likely due to code injection or exploit)
Tries to detect virtualization through RDTSC time measurements
Yara detected IcedID
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a255c614308841566c702885af804849302b45c9331072bc43a53174530e0550/
Threat name:
Win64.Trojan.IcedID
Create hunting rule
Status:
Malicious
First seen:
2022-07-12 17:40:07 UTC
File Type:
PE+ (Dll)
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ujk4mfbqrbavm3dqfcc27acijeycwrojgmihfpcduuyxiuyoavia._file
Verdict:
malicious
Label(s):
icedid
Create hunting rule
Similar samples:
0581f0bf260a11a5662d58b99a82ec756c9365613833bce8f102ec1235a7d4f7
IcedID
0a497cdeb92189e1611c15669897de70e8aed2be2484346686252bea387abfa4
IcedID
0d175d92e0d810a3b94e11f2710f414e17d9bae21756a466e49db088b47efb3a
IcedID
3dfe63d2c9a7e2f848d2f92171cc577158318b4e9cb62e74ec603be84ba13109
IcedID
4b312a119321503383fbf9aaf65659046656096a7551d5a581f5cbb0055493c3
IcedID
670790c8b4649865ef391bac63417c00ffbaa203c5df36d6c9720832b0949dcb
IcedID
a746ab385c513d0f73076ed4f83ac9e4e286ca7a8e5d6a5a4f0062026039b265
IcedID
fd0e07ec492cb76abaca206083a13f5cad0a3ed563495c852f13b4876e63974c
IcedID
+ 422 additional samples on MalwareBazaar
Result
Malware family:
icedid
Create hunting rule
Score:
  10/10
Tags:
family:icedid campaign:193823523 banker loader suricata trojan
Link:
https://tria.ge/reports/220712-v8vdbsebh9/
Behaviour
Suspicious behavior: EnumeratesProcesses
Blocklisted process makes network request
IcedID, BokBot
suricata: ET MALWARE Win32/IcedID Request Cookie
Malware Config
C2 Extraction:
blionarywesta.com
Unpacked files
SH256 hash:
a255c614308841566c702885af804849302b45c9331072bc43a53174530e0550
MD5 hash:
560409119713237cb8008241f63a9d12
SHA1 hash:
e51bd61a1c22bceb3599095bf4568403d8488be0
Link:
https://www.unpac.me/results/52bb3214-9d7e-4917-9802-ba6a45ab8907/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a255c614308841566c702885af804849302b45c9331072bc43a53174530e0550

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SPLCrypt
Create hunting rule
Author:James Quinn, Binary Defense
Description:Identifies SPLCrypt, a new crypter associated with Bazaloader

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/286647/

Comments