MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc6a441a3036c1310886b671943e487d47f2c7d1b4bd125d7b0cf0f3090b8281. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

IcedID

Vendor detections: 8

SHA256 hash: bc6a441a3036c1310886b671943e487d47f2c7d1b4bd125d7b0cf0f3090b8281
SHA3-384 hash: 003ebc29577ca7ad001e5835756d10a9f074bda711d1c9a800e327e3401b08507c0a86be1130558dc231a2269fdc7179
SHA1 hash: 8632bff9f308fa57ae5bd1aad56b5ec8ff91f466
MD5 hash: 791779361e8db64ec7fbeb8b82d68ce7
humanhash: low-summer-uncle-lake
File name: loadfsc2.dll
Signature: IcedID
File size: 565'248 bytes
First seen: 2022-02-14 16:12:01 UTC
Last seen: 2022-02-15 13:13:10 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: b5a81cca6434169cd57fee19df69c17e (1 x IcedID)
ssdeep: 12288:1p5lV8LxIGxW79Bnoe7WlQg80K8cb7rsO:1zMOGxWZBnXtg6d3rb
TLSH: T191C4BF65767505F5E067953C88734902D7B23C71173093EBA3A5B21B1E3BFE06A3AB22
Reporter: r3dbU7z
Tags: exe IcedID spy

Intelligence

File Origin
# of uploads: 3
# of downloads: 331
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: control.exe greyware packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Malware
Verdict: Malicious

Result
Threat name:
Detection: malicious
Classification: troj
Score: 60 / 100
Signature:
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Yara detected IcedID
Behaviour
Behavior Graph (figure; text summary): Behavior Graph ID 572258, sample loadfsc2.dll, start date 14/02/2022, architecture WINDOWS, score 60. Signatures: Multi AV Scanner detection for submitted file; Yara detected IcedID; Sigma detected: Suspicious Call by Ordinal. Process tree: loaddll64.exe started cmd.exe, rundll32.exe, rundll32.exe and 2 other processes; cmd.exe started rundll32.exe.
Threat name: Win64.Trojan.IcedID
Status: Malicious
First seen: 2022-02-14 16:12:11 UTC
File Type: PE+ (Dll)
Extracted files: 9
AV detection: 25 of 43 (58.14%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:icedid campaign:412701809 banker suricata trojan
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
IcedID, BokBot
suricata: ET MALWARE Win32/IcedID Request Cookie
Unpacked files
SHA256 hash: bc6a441a3036c1310886b671943e487d47f2c7d1b4bd125d7b0cf0f3090b8281
MD5 hash: 791779361e8db64ec7fbeb8b82d68ce7
SHA1 hash: 8632bff9f308fa57ae5bd1aad56b5ec8ff91f466
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
IcedID
Executable exe bc6a441a3036c1310886b671943e487d47f2c7d1b4bd125d7b0cf0f3090b8281 (this sample)

Delivery method: Distributed via web download
